id: stem-audio-table-private-keys info: name: Detect Private Key on STEM Audio Table author: gy741 severity: high reference: - https://blog.grimm-co.com/2021/06/the-walls-have-ears.html tags: stem,config,exposure,iot metadata: max-request: 1 http: - method: GET path: - "{{BaseURL}}/cgi-bin/privatekey.pem" matchers-condition: and matchers: - type: word words: - "BEGIN RSA PRIVATE KEY" - type: status status: - 200 - type: dsl dsl: - '!contains(tolower(body), "