From 81dd821b03d32bfdee475de75bc0ae90bdf0648c Mon Sep 17 00:00:00 2001
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Thu, 24 Jun 2021 16:59:05 +0000
Subject: [PATCH] Create avtech-dvr-exposure.yaml

---
 exposed-panels/avtech-dvr-exposure.yaml | 26 +++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 exposed-panels/avtech-dvr-exposure.yaml

diff --git a/exposed-panels/avtech-dvr-exposure.yaml b/exposed-panels/avtech-dvr-exposure.yaml
new file mode 100644
index 0000000000..c27dd4e837
--- /dev/null
+++ b/exposed-panels/avtech-dvr-exposure.yaml
@@ -0,0 +1,26 @@
+id: avtech-dvr-exposure
+
+info:
+  name: Avtech AVC798HA DVR Information Exposure
+  description: Under the /cgi-bin/nobody folder every CGI script can be accessed without authentication.
+  reference:  http://www.avtech.com.tw/
+  author: geeknik
+  severity: low
+  tags: dvr,exposure,avtech
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cgi-bin/nobody/Machine.cgi?action=get_capability"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "Firmware.Version="
+          - "MACAddress="
+          - "Product.Type="
+        condition: and