Enhancement: vulnerabilities/other/commax-credentials-disclosure.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-27 14:28:13 -04:00
parent 3bb9b3b9b4
commit 29bb7d1fd3
1 changed files with 3 additions and 1 deletions

View File

@ -4,7 +4,7 @@ info:
name: COMMAX Smart Home Ruvie CCTV Bridge DVR - RTSP Credentials Disclosure name: COMMAX Smart Home Ruvie CCTV Bridge DVR - RTSP Credentials Disclosure
author: gy741 author: gy741
severity: critical severity: critical
description: The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker to disclose RTSP credentials in plain-text description: The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker to disclose real time streaming protocol (RTSP) credentials in plain-text.
reference: reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5665.php - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5665.php
tags: commax,exposure,camera,iot tags: commax,exposure,camera,iot
@ -28,3 +28,5 @@ requests:
part: body part: body
regex: regex:
- 'rtsp:\/\/([a-z:0-9A-Z@$.]+)\/Streaming\/Chann' - 'rtsp:\/\/([a-z:0-9A-Z@$.]+)\/Streaming\/Chann'
# Enhanced by mp on 2022/05/27