Skip to content
/ pyubee Public
forked from mzdrale/pyubee

Simple library for getting stats from Ubee routers.

License

GPL-3.0 license
0 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

carbolymer/pyubee

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
pyubee
pyubee
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
setup.cfg
setup.cfg
 
 
setup.py
setup.py
 
 
tox.ini
tox.ini
 
 

Repository files navigation

PyUbee

Python library for getting stats from Ubee routers.

Installation

You can install PyUbee from PyPi using pip3 install pyubee.

Usage

To use within your Python scripts:

from pyubee import Ubee

ubee = Ubee(
                host='192.168.1.1',
                username='admin',
                password='somepassword'
            )

if not ubee.session_active():
    ubee.login()

devices = ubee.get_connected_devices()

for x in devices:
    print('%s (%s)' % (x, devices[x]))

ubee.logout()

CLI

A simple command line interface is available to query the router. The cli takes host, username, and password as mandatory arguments. The optional argument model can be used to specify the model of your routers. If model is not specified, this tool will try to detect it automatically.

$ pyubee --help
usage: pyubee [-h] [--model MODEL] host username password

pyubee

positional arguments:
  host           Host
  username       Username
  password       Password

optional arguments:
  -h, --help     show this help message and exit
  --model MODEL  Model, supported models: EVW32C-0N, EVW3200-Wifi

$ pyubee 192.168.1.1 admin somepassword
AA:BB:CC:DD:EE:FF	192.168.1.10
FF:EE:DD:CC:BB:AA	192.168.1.11

Notice

Ubee devices contain vulnerability which allows user to access Admin Web UI without logging in if someone else is logged in from the same IP address. For example if you have Ubee router (e.g. 192.168.1.1) in your home installed from your ISP and you have your own router (192.168.1.2) connected to it and you are doing NAT (Network Address Translation) on your router, then Ubee router will see all connections from clients connected to your router coming from the same IP address 192.168.1.2. In that scenario if someone logs into Ubee router Admin Web UI (http://192.168.1.1/UbeeLanSetup.asp) from Computer A, then anyone from Computer B or Computer C can access http://192.168.1.1/UbeeLanSetup.asp or any other page on 192.168.1.1 without logging in.

             +---------------+
             |               |
             |               |
             |     UBEE      |
             |               |
             |  192.168.1.1  |
             +-------+-------+
                     |
             +-------+-------+
             |  192.168.1.2  |
             |               |
             |  YOUR ROUTER  |
             |               |
             |   10.0.0.1    |
             +-------+-------+
                     |
      +-----------------------------+
      |              |              |
+-----+-----+  +-----+-----+  +-----+-----+
|  COMPUTER |  | COMPUTER  |  | COMPUTER  |
|     A     |  |     B     |  |     C     |
|           |  |           |  |           |
| 10.0.0.11 |  | 10.0.0.12 |  | 10.0.0.13 |
+-----------+  +-----------+  +-----------+

You shoud have this in your mind if you have similar setup.

Author of this package reported this issue to Vendor, even if it's known for years, but there is no response from Vendor and it looks like they are pushing firmware with the same vulnerability probably to all of their devices.

Supported routers

This library was written for and tested with:

  • Ubee EVW32C-0N
  • Ubee EVW3200-Wifi
  • Ambit EVW320B

About

Simple library for getting stats from Ubee routers.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

No packages published

Languages

  • Python 100.0%