Closed awnumar closed 8 years ago
Most embedded systems use busybox ash(or other tiny shell variations) that are not effected by shellshock.
If we are talking about well advertised vulnerabilities with unique names, then it make sense to add heartbleed. Many routers use old openssl.
@libeclipse @m0sia that are actually very good ideas. Shellshock vulnerability is not so common on embedded device nevertheless it is worth to implement module for this as well.
@libeclipse I added new module with this commit: 2e2f1646e8f0734ec52378c0bc5c302545397272 @m0sia I also added new module request for heartbleed: https://github.com/reverse-shell/routersploit/issues/72
Manufacturers are pretty relaxed about firmware updates. After shellshock was discovered, not many home devices were patched. I'd wager most home-routers can still be pwned using it.