Auerswald COMpact 8.0B Backdoors exploit
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device.
Product: COMpact 3000 ISDN, COMpact 3000 analog, COMpact 3000 VoIP, COMpact 4000, COMpact 5000(R), COMpact 5200(R), COMpact 5500R, COMmander 6000(R)(RX), COMpact 5010 VoIP, COMpact 5020 VoIP, COMmander Business(19"), COMmander Basic.2(19").
Affected Versions: <= 8.0B (COMpact 4000, COMpact 5000(R), COMpact 5200(R), COMpact 5500R, COMmander 6000(R)(RX)), <= 4.0S (COMpact 3000 ISDN, COMpact 3000 analog, COMpact 3000 VoIP).
Fixed Versions: 8.2B, 4.0T.
Vulnerability Type: Backdoor.
Security Risk: high.
pip3 install requests lxml BeautifulSoup pandas python3 flagger.py http(s)://ippython3 CVE-2021-40859.py ip:portflagger
flagger does checks based on the vulnerable product list and if matches then it flags it as vulnerable and for further confirmation Please run CVE-2021-40859.py .
This exploit code checks if your Auerswald COMpact server is accessible using the backdoors.
https://packetstormsecurity.com/files/165168/Auerswald-COMpact-8.0B-Backdoors.html