Wavlink router remote code execution exploit code and patch code. (wavlink n300). This exploit requiers no authentication other than being on the same sub network. The exploit will give RCE with root access.
python3 Exploit.py 192.168.0.1
04/06/2018
pip install requests python version 3
The router has a hidden developer console that can be accesssed over port 80, the program will make requests to emulate a shell and allow remote code execution on the target
The patch works by exploiting the system and removing the vulnerable file to prevent further exploitation
Use this code at your own risk, this code comes with no warrenty. Never run this code against a wavlink router that you do not own, even the patch.
Feel free to contribute as my error testing is not comprehensive also I have no tested the patch (as this would fix my router and I want to be able to play with other bin files etc on the router)