Skip to content
Nuclei Templates

CAIMORE Gateway Default Login - Detect

ID: caimore-default-login

Severity: high

Author: pussycat0x

Tags: ciamore-gateway,default-login

Description

Section titled “Description”

The gateway of Xiamen Caimao Communication Technology Co., Ltd. is designed with open software architecture. It is a metal shell design, with two Ethernet RJ45 interfaces, and an industrial design wireless gateway using 3G/4G/5G wide area network for Internet communication. There is a command execution vulnerability in the formping file of the gateway of Xiamen Caimao Communication Technology Co., Ltd. An attacker can use this vulnerability to arbitrarily execute code on the server side, write to the back door, obtain server permissions, and then control the entire web server.

YAML Source

Section titled “YAML Source”
id: caimore-default-login


info:
  name: CAIMORE Gateway  Default Login - Detect
  author: pussycat0x
  severity: high
  description: |
    The gateway of Xiamen Caimao Communication Technology Co., Ltd. is designed with open software architecture. It is a metal shell design, with two Ethernet RJ45 interfaces, and an industrial design wireless gateway using 3G/4G/5G wide area network for Internet communication. There is a command execution vulnerability in the formping file of the gateway of Xiamen Caimao Communication Technology Co., Ltd. An attacker can use this vulnerability to arbitrarily execute code on the server side, write to the back door, obtain server permissions, and then control the entire web server.
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="CAIMORE-Gateway"
  tags: ciamore-gateway,default-login


http:
  - raw:
      - |
        GET /index.asp HTTP/1.1
        Host: {{Hostname}}
        Accept-Encoding: gzip, deflate
        Authorization: Basic {{base64(username + ':' + password)}}


    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - admin


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "AR9344_GATEWAY"


      - type: status
        status:
          - 200
# digest: 4a0a004730450221009ebfd8be74c4a4928bbf3a1d58be4e8f1577a60eef81190a55ca2319e38c261d0220667311f4c3559d290ac82a1e226168b45b8515ef44f00f6692593088b7876709:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/default-logins/caimore/caimore-default-login.yaml"

View on Github