From 77a205f83158a719d4593c0aff7819435688ca19 Mon Sep 17 00:00:00 2001
From: sullo <sullo@cirt.net>
Date: Wed, 1 Jun 2022 15:47:28 -0400
Subject: [PATCH] Enhance CVE-2021-33044.yaml manually Remove null file added
 during Dashboard flakiness

---
 cves/2021/CVE-2021-33044.yaml |  6 ++++--
 null                          | 40 -----------------------------------
 2 files changed, 4 insertions(+), 42 deletions(-)
 delete mode 100644 null

diff --git a/cves/2021/CVE-2021-33044.yaml b/cves/2021/CVE-2021-33044.yaml
index 09217ac1d6..c3764dd5b0 100644
--- a/cves/2021/CVE-2021-33044.yaml
+++ b/cves/2021/CVE-2021-33044.yaml
@@ -1,10 +1,10 @@
 id: CVE-2021-33044
 
 info:
-  name: Dahua IPC/VTH/VTO devices Authentication Bypass
+  name: Dahua IPC/VTH/VTO - Authentication Bypass
   author: gy741
   severity: critical
-  description: The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
+  description: Some Dahua products contain an authentication bypass during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
   reference:
     - https://github.com/dorkerdevil/CVE-2021-33044
     - https://nvd.nist.gov/vuln/detail/CVE-2021-33044
@@ -53,3 +53,5 @@ requests:
         part: body
         regex:
           - ',"result":true,"session":"([a-z]+)"\}'
+
+# Enhanced by cs on 2022/06/01
diff --git a/null b/null
deleted file mode 100644
index 4b19777eb3..0000000000
--- a/null
+++ /dev/null
@@ -1,40 +0,0 @@
-id: CVE-2019-12583
-
-info:
-  name: Zyxel ZyWall UAG/USG - Missing ACL Guest Account Generator
-  author: n-thumann
-  severity: critical
-  description: Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.
-  reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2019-12583
-    - https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
-    - https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/
-  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
-    cvss-score: 9.1
-    cve-id: CVE-2019-12583
-    cwe-id: CWE-425
-  tags: cve,cve2019,zyxel,zywall
-
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-      - "{{BaseURL}}/free_time.cgi"
-
-    req-condition: true
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - "contains(body_1, 'zyFunction.js')"
-          - "!contains(body_1, '/free_time_transaction.cgi')"
-          - "!contains(body_2, '/free_time_failed.cgi?err_msg=The Free Time feature is disabled at this time.')"
-        condition: and
-
-      - type: status
-        status:
-          - 200
-
-# Enhanced by cs on 2022/06/01