Vulnerability Details : CVE-2015-4624
Public exploit exists!
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
Vulnerability category: Cross-site request forgery (CSRF)BypassGain privilege
Exploit prediction scoring system (EPSS) score for CVE-2015-4624
14.59%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2015-4624
-
Hak5 WiFi Pineapple Preconfiguration Command Injection
Disclosure Date: 2015-08-01First seen: 2020-04-26exploit/linux/http/pineapple_bypass_cmdinjectThis module exploits a login/csrf check bypass vulnerability on WiFi Pineapples version 2.0 <= pineapple < 2.4. These devices may typically be identified by their SSID beacons of 'Pineapple5_....'; Provided as part of the TospoVirus workshop at DEFCON23. Authors: - catato -
Hak5 WiFi Pineapple Preconfiguration Command Injection
Disclosure Date: 2015-08-01First seen: 2020-04-26exploit/linux/http/pineapple_preconfig_cmdinjectThis module exploits a command injection vulnerability on WiFi Pineapples version 2.0 <= pineapple < 2.4. We use a combination of default credentials with a weakness in the anti-csrf generation to achieve command injection on fresh pineapple devices prior to configuration. Additio
CVSS scores for CVE-2015-4624
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:A/AC:H/Au:N/C:P/I:P/A:P |
3.2
|
6.4
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
1.6
|
5.9
|
NIST |
CWE ids for CVE-2015-4624
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4624
-
http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html
Hak5 WiFi Pineapple Preconfiguration Command Injection 2 ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/40609/
Hak5 WiFi Pineapple 2.4 - Preconfiguration Command Injection (Metasploit)Exploit;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/archive/1/536184/100/500/threaded
SecurityFocus
-
http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html
WiFi Pineapple Predictable CSRF Token ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Products affected by CVE-2015-4624
- cpe:2.3:o:hak5:wi-fi_pineapple_firmware:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:hak5:wi-fi_pineapple_firmware:2.3:*:*:*:*:*:*:*
- cpe:2.3:o:hak5:wi-fi_pineapple_firmware:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:hak5:wi-fi_pineapple_firmware:2.2:*:*:*:*:*:*:*