Create CVE-2021-28937.yaml

2021-04-15 20:20:27 +00:00 · 2021-04-15 20:20:27 +00:00 · 6edf8c3a8b
parent b88e220cd0
commit 6edf8c3a8b
1 changed files with 26 additions and 0 deletions
--- a/cves/2021/CVE-2021-28937.yaml
+++ b/cves/2021/CVE-2021-28937.yaml
@ -0,0 +1,26 @@
+id: CVE-2021-28937
+
+info:
+  name: Acexy Wireless-N WiFi Repeater Password Disclosure
+  author: geeknik
+  description: The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP.
+  reference: https://blog-ssh3ll.medium.com/acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990
+  severity: medium
+  tags: cve,cve2021,acexy,disclosure,iot
+
+requests:
+  - method: GET
+      path:
+      - "{{BaseURL}}/password.html"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "Password Setting"
+          - "addCfg('username'"
+          - "addCfg('newpass'"
+        condition: and