### Authenticated RCE on Comtech Stampede FX-1010 (CVE-2020-7242)
**[Comtech] Authenticated RCE on Comtech Stampede FX-1010 (CVE-2020-7242)**
The web application used for the management and administration of Compression
Bandwidth Optimization Platform has a critical vulnerability that allow to an
attacker to do a Remote Code Execution with root access. That is, the
application allows to gain full control over the server.
## Comtech Stampede FX-1010
[
](https://images.seebug.org/1583428860415-w331s)
Vendor WebSite:
<http://www.comtechtel.com/>
You can search for vulnerable sites on google with the following dork **"Comtech FX Series"** or maybe in shodan if you want.
We need to use the default comtech credentials to access on the administration
panel (comtech:comtech)
[](https://images.seebug.org/1583428874179-w331s)
Go to the Menu and click on Operations > Diagnostics > Trace Route
[](https://images.seebug.org/1583428876576-w331s)
On target IP Address input we can Trace Route an IP but we can add other
command behind of ";" in this case, we are going to use an "whoami" command.
[](https://images.seebug.org/1583428878925-w331s)
When we press OK, the result show us the username "comtech".
[](https://images.seebug.org/1583428881744-w331s)
Now we create a python script to get a reverse shell with full control of the
system.
[](https://images.seebug.org/1583428885140-w331s)
Getting the reverse shell.
[](https://images.seebug.org/1583428889834-w331s)
Happy hacking.
By [@CesarSilence](https://twitter.com/cesarsilence)
##
##
京公网安备 11010502034610号
暂无评论