Enhance CVE-2021-33044.yaml manually

Remove null file added during Dashboard flakiness
2022-06-01 15:47:28 -04:00 · 2022-06-01 15:47:28 -04:00 · 77a205f831
parent 8e73b70a6c
commit 77a205f831
2 changed files with 4 additions and 42 deletions
--- a/cves/2021/CVE-2021-33044.yaml
+++ b/cves/2021/CVE-2021-33044.yaml
@ -1,10 +1,10 @@
 id: CVE-2021-33044

 info:
-  name: Dahua IPC/VTH/VTO devices Authentication Bypass
+  name: Dahua IPC/VTH/VTO - Authentication Bypass
  author: gy741
  severity: critical
-  description: The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
+  description: Some Dahua products contain an authentication bypass during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
  reference:
    - https://github.com/dorkerdevil/CVE-2021-33044
    - https://nvd.nist.gov/vuln/detail/CVE-2021-33044
@ -53,3 +53,5 @@ requests:
        part: body
        regex:
          - ',"result":true,"session":"([a-z]+)"\}'
+
+# Enhanced by cs on 2022/06/01
--- a/40
+++ b/40
@ -1,40 +0,0 @@
-id: CVE-2019-12583
-
-info:
-  name: Zyxel ZyWall UAG/USG - Missing ACL Guest Account Generator
-  author: n-thumann
-  severity: critical
-  description: Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.
-  reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2019-12583
-    - https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
-    - https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/
-  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
-    cvss-score: 9.1
-    cve-id: CVE-2019-12583
-    cwe-id: CWE-425
-  tags: cve,cve2019,zyxel,zywall
-
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-      - "{{BaseURL}}/free_time.cgi"
-
-    req-condition: true
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - "contains(body_1, 'zyFunction.js')"
-          - "!contains(body_1, '/free_time_transaction.cgi')"
-          - "!contains(body_2, '/free_time_failed.cgi?err_msg=The Free Time feature is disabled at this time.')"
-        condition: and
-
-      - type: status
-        status:
-          - 200
-
-# Enhanced by cs on 2022/06/01