Unauthenticated rce in sophos User Portal and Webadmin components mass exploitation tool
unauthenticated remote code execution in userportal and webadmin component of sophos firewall
according to shodan there is more than 230k internet exposed of these vulnerable instances.
the script works with list of ips (batch exploiting/mass exploiting) and single target.
as of now its possible to get arround 100k bots (mostly devices are 64bits with minority running in 32bits)
we including the exploit and list of servers extracted from shodan: https://tiny.one/sophos
v19.0 GA, MR1, and MR1-1
v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4
v18.0 MR3, MR4, MR5, and MR6
v17.5 MR12, MR13, MR14, MR15, MR16, and MR17
all versions before september 21