Create CVE-2014-2321.yaml

2021-04-23 13:32:38 +00:00 · 2021-04-23 13:32:38 +00:00 · debd9dd2bc
parent f10fcbcf2f
commit debd9dd2bc
1 changed files with 28 additions and 0 deletions
--- a/cves/2014/CVE-2014-2321.yaml
+++ b/cves/2014/CVE-2014-2321.yaml
@ -0,0 +1,28 @@
+id: CVE-2014-2321
+
+info:
+  name: ZTE Cable Modem Web Shell
+  description: web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
+  author: geeknik
+  reference:
+    - https://yosmelvin.wordpress.com/2017/09/21/f660-modem-hack/
+    - https://jalalsela.com/zxhn-h108n-router-web-shell-secrets/
+  severity: high
+  tags: iot,cve,cve2014
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/web_shell_cmd.gch"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "please input shell command"
+          - "ZTE Corporation. All rights reserved"
+        part: body
+        condition: and
+      - type: status
+        status:
+          - 200