Merge pull request #4045 from ritikchaddha/patch-2

Create CNVD-2020-67113.yaml
2022-04-04 18:40:39 +05:30 · 2022-04-04 18:40:39 +05:30 · 314a39a9ea
parent 51392c3e72 570971861a
commit 314a39a9ea
1 changed files with 43 additions and 0 deletions
--- a/cnvd/2020/CNVD-2020-67113.yaml
+++ b/cnvd/2020/CNVD-2020-67113.yaml
@ -0,0 +1,43 @@
+id: CNVD-2020-67113
+
+info:
+  name: H5S CONSOLE Unauthorized Access Vulnerability (CNVD-2020-67113)
+  author: ritikchaddha
+  severity: high
+  description: Zero Vision Technology (Shanghai) Co., Ltd. H5S CONSOLE Exists Unauthorized Access Vulnerability
+  reference: https://vul.wangan.com/a/CNVD-2020-67113
+  metadata:
+    shodan-query: http.title:"H5S CONSOLE"
+  tags: h5s,unauth,h5sconsole,cnvd,cnvd2020
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/api/v1/GetSrc"
+      - "{{BaseURL}}/api/v1/GetDevice"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'strUser'
+          - 'strPasswd'
+        condition: and
+
+      - type: word
+        part: body
+        words:
+          - 'H5_AUTO'
+          - 'H5_DEV'
+        condition: or
+
+      - type: word
+        part: header
+        words:
+          - "application/json"
+
+      - type: status
+        status:
+          - 200