deos-open500ems-panel: DEOS OPEN 500EMS Controller - Admin Exposure

日期: 2025-08-01 | 影响软件: deos-open500ems-panel | POC: 已公开

漏洞描述

The DEOS OPEN 500EMS controller exposes administrative functions without authentication.

PoC代码[已公开]

id: deos-open500ems-panel

info:
  name: DEOS OPEN 500EMS Controller - Admin Exposure
  author: sullo
  severity: high
  description: |
    The DEOS OPEN 500EMS controller exposes administrative functions without authentication.
  reference:
    - https://www.deos-ag.com/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
    cwe-id: CWE-284
  metadata:
    max-request: 2
  tags: openv500,disclosure,panel,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/cosmobdf.cgi?function=0"
      - "{{BaseURL}}/cgi-bin/cosmobdf.cgi?function=1"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - '<b>OPENview</b>'
          - '/cgi-bin/cosmobdf.cgi?function=12'
          - '/cgi-bin/cosmobdf.cgi?function=2'
        condition: or
# digest: 490a004630440220590a85a137bd5910ff072099eebafdf6a5741496d7a8478a37ecec49579f0537022060af5900f28b79a9b13797b619b2723cb3d12b566aae4a1e3475934d9f1c663c:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/deos-open500-admin.yaml