# CVE-2022-3236
Mass exploitation tool for the unauthenticated RCE in the Sophos User Portal and Webadmin components.

Unauthenticated remote code execution in the User Portal and Webadmin components of Sophos Firewall.
According to Shodan, more than 230k of these vulnerable instances are exposed to the internet.
The script works with a list of IPs (batch exploiting/mass exploiting) and with a single target.
As of now it is possible to get around 100k bots (most devices are 64-bit, with a minority running 32-bit).
We include the exploit and a list of servers extracted from Shodan:

![Alt text](/shodan.png "shodan Dork")

Vulnerable products:

- v19.0 GA, MR1, and MR1-1
- v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4
- v18.0 MR3, MR4, MR5, and MR6
- v17.5 MR12, MR13, MR14, MR15, MR16, and MR17
- v17.0 MR10

All versions before September 21.
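
For patch triage, the affected-version list above can be checked against a firewall inventory. The following is an added example, not part of this repository: the inventory notation (optional `SFOS`/`v` prefix, `MR-n` spelling) and the hostnames are assumptions, and `not-listed` only means the string is absent from the list, since the "all versions before September 21" line is not encoded.

```python
import re

# Affected releases exactly as listed on this page, keyed by branch.
AFFECTED = {
    "19.0": {"GA", "MR1", "MR1-1"},
    "18.5": {"GA", "MR1", "MR1-1", "MR2", "MR3", "MR4"},
    "18.0": {"MR3", "MR4", "MR5", "MR6"},
    "17.5": {"MR12", "MR13", "MR14", "MR15", "MR16", "MR17"},
    "17.0": {"MR10"},
}

# Assumed inventory notation: optional "SFOS"/"v" prefix, branch "X.Y",
# then "GA" or "MRn" / "MR-n" with an optional "-k" suffix (as in MR1-1).
_VERSION = re.compile(
    r"^\s*(?:SFOS\s+)?v?(\d+\.\d+)\s+(GA|MR-?(\d+)(?:-(\d+))?)\s*$", re.IGNORECASE)

def normalize(raw):
    """Return (branch, release) in the page's notation, or None if unparseable."""
    m = _VERSION.match(raw)
    if not m:
        return None
    branch, release, mr, suffix = m.groups()
    if release.upper() == "GA":
        return branch, "GA"
    return branch, f"MR{int(mr)}" + (f"-{int(suffix)}" if suffix else "")

def triage(inventory):
    """Map each host to 'listed', 'not-listed' or 'unknown' (needs manual review)."""
    result = {}
    for host, raw in inventory.items():
        parsed = normalize(raw)
        if parsed is None:
            result[host] = "unknown"
        elif parsed[1] in AFFECTED.get(parsed[0], set()):
            result[host] = "listed"
        else:
            result[host] = "not-listed"
    return result

# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = {
    "fw-branch-01": "v18.5 MR4",
    "fw-branch-02": "SFOS 19.0 mr-1-1",
    "fw-hq-01": "v18.0 MR2",
    "fw-old-01": "firmware unknown",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts reported as `unknown` or `not-listed` still need their firmware build date checked by hand.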