dd-wrt-controlpanel-exposure: DD-WRT Control Panel - Exposure

Date: 2025-08-01 | Affected software: dd-wrt-controlpanel-exposure | PoC: public

Vulnerability description

The DD-WRT web interface was found exposed without proper access controls, potentially allowing unauthorized users to view.

PoC code [public]

id: dd-wrt-controlpanel-exposure

info:
  name: DD-WRT Control Panel - Exposure
  author: DhiyaneshDk
  severity: low
  description: |
    The DD-WRT web interface was found exposed without proper access controls, potentially allowing unauthorized users to view.
  reference:
    - https://wiki.dd-wrt.com/wiki/index.php/Web_interface
    - https://dd-wrt.com/
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.favicon.hash:252728887
  tags: dd-wrt,exposure,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - "contains_all(body, 'DD-WRT Control Panel','WAN IPv6')"
          - "status_code == 200"
        condition: and
# digest: 490a0046304402207df5cde23a21f4ee2d4811b39e9ecc9e6380c71bdb95106ac7df8a36d59cf589022043495e1fb6591ccb841f7a2468a36bf61ff5e10c28ebaa95a1b3a3f1fee4e988:922c64590222798bb761d5b6d8e72950