This exploit leverages an arbitrary file read vulnerability in Plantronics Hub 3.25.1 by placing a crafted 'MajorUpgrade.config' file in a specific directory, causing the target file to be copied to a predictable location. The PoC is straightforward and relies on the application's improper handling of the configuration file.
Classification
Working Poc 100%
Target:
Plantronics Hub for Windows version 3.25.1
No auth needed
Prerequisites:
Write access to 'C:\ProgramData\Plantronics\Spokes3G' directory · Plantronics Hub 3.25.1 installed on Windows 10/11