id: CNVD-2020-67113 info: name: H5S CONSOLE - Unauthorized Access author: ritikchaddha severity: medium description: H5S CONSOLE is susceptible to an unauthorized access vulnerability. reference: - https://vul.wangan.com/a/CNVD-2020-67113 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cwe-id: CWE-425 metadata: verified: true max-request: 2 shodan-query: http.title:"H5S CONSOLE" tags: cnvd,cnvd2020,h5s,unauth,h5sconsole http: - method: GET path: - "{{BaseURL}}/api/v1/GetSrc" - "{{BaseURL}}/api/v1/GetDevice" stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - 'strUser' - 'strPasswd' condition: and - type: word part: body words: - 'H5_AUTO' - 'H5_DEV' condition: or - type: word part: header words: - "application/json" - type: status status: - 200 # digest: 4a0a004730450221009699239931e6e4becf71892aeb11692cfd9d64a3ab68b722b6ac11bd2145932b02200ebc3e717d8f7e13284940a74c6e295db280a0da787c8cb68551251918bbc153:922c64590222798bb761d5b6d8e72950