From c59b3835f9860bee0cbe4dbefa601106f31594c2 Mon Sep 17 00:00:00 2001 From: gwillcox-r7 Date: Thu, 13 Aug 2020 15:18:10 -0500 Subject: [PATCH] Fix up module description to have better sentence structure and English and to also include the actual versions of the products that were affected in addition to the firmware versions. This prevents people from having to read the documentation to find affected targets --- .../linux/http/geutebruck_testaction_exec.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/exploits/linux/http/geutebruck_testaction_exec.rb b/modules/exploits/linux/http/geutebruck_testaction_exec.rb index e53923e0d5..6037275fa4 100644 --- a/modules/exploits/linux/http/geutebruck_testaction_exec.rb +++ b/modules/exploits/linux/http/geutebruck_testaction_exec.rb @@ -14,15 +14,15 @@ class MetasploitModule < Msf::Exploit::Remote info, 'Name' => 'Geutebruck testaction.cgi Remote Command Execution', 'Description' => %q{ - This module exploits an arbitrary command execution vulnerability. The - vulnerability exists in the /uapi-cgi/testaction.cgi page and allows an - authenticated user to execute arbitrary commands with root privileges. - Firmware <= 1.12.0.25 and also the 1.12.13.2 and the 1.12.14.5 "limited versions" are concerned. - Tested on 5.02024 G-Cam/EFD-2250 running 1.12.14.5 firmware. + This module exploits an authenticated arbitrary command execution vulnerability within the + /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, + ETHC-22xx, and EWPC-22xx devices running firmware versions <= 1.12.0.25 as well as firmware + versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as + the root user. }, 'Author' => [ - 'Davy Douhine' + 'Davy Douhine' # ddouhine ], 'License' => MSF_LICENSE, 'References' =>