daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2022-32429.yaml

patch-1
Abhinav Gaur 2023-01-23 17:29:34 +05:30 committed by GitHub
parent 2548e39db7
commit eb2a0225d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cves/2022/CVE-2022-32429.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-32429
info:
name: MSNSwitch Firmware MNT.2408 - Remote Code Exectuion (RCE)
name: MSNSwitch Firmware MNT.2408 - configuration dump
author: theabhinavgaur
severity: critical
description: |
An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution.
The vulnerability is an authentication bypass which allows the full configuration of the unit to be downloaded. The credentials obtained here can then be used via a local subnet vulnerability to obtain a full root shell on the device.
reference:
- https://packetstormsecurity.com/files/169819/MSNSwitch-Firmware-MNT.2408-Remote-Code-Execution.html
- https://elifulkerson.com/CVE-2022-32429/
@ -16,7 +16,7 @@ info:
metadata:
verified: "true"
shodan-query: "MSNSwitch"
tags: cve,cve2022,msmswitch,unauth,switch
tags: cve,cve2022,msmswitch,unauth,switch,configuration-dump
requests: