Merge pull request #1353 from geeknik/patch-75

Create CVE-2014-2321.yaml
2021-04-23 22:14:45 +05:30 · 2021-04-23 22:14:45 +05:30 · 4d3a55cfca
parent bd4455fd32 34d8d2a2c9
commit 4d3a55cfca
1 changed files with 29 additions and 0 deletions
--- a/cves/2014/CVE-2014-2321.yaml
+++ b/cves/2014/CVE-2014-2321.yaml
@ -0,0 +1,29 @@
+id: CVE-2014-2321
+
+info:
+  name: ZTE Cable Modem Web Shell
+  description: web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
+  author: geeknik
+  reference:
+    - https://yosmelvin.wordpress.com/2017/09/21/f660-modem-hack/
+    - https://jalalsela.com/zxhn-h108n-router-web-shell-secrets/
+  severity: high
+  tags: iot,cve,cve2014,zte
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/web_shell_cmd.gch"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "please input shell command"
+          - "ZTE Corporation. All rights reserved"
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 200