Ruijie NBR Series Routers - Default Login

ID: ruijie-nbr-default-login

Severity: high

Author: pussycat0x

Tags: default-login,ruijie-nbr

Description

Ruijie NBR Series Routers Default Login username and password was discovered.

YAML Source

id: ruijie-nbr-default-login

info:
  name: Ruijie NBR Series Routers - Default Login
  author: pussycat0x
  severity: high
  description: |
    Ruijie NBR Series Routers Default Login username and password was discovered.
  metadata:
    max-request: 1
    verified: true
    fofa-query: body="上层网络出现异常，请检查外网线路或联系ISP运营商协助排查"
  tags: default-login,ruijie-nbr

http:
  - raw:
      - |
        POST /login.cgi HTTP/1.1
        Host: {{Hostname}}
        Origin: {{RootURL}}
        Content-Type: application/x-www-form-urlencoded
        Referer: {{RootURL}}/login.html

        user={{username}}&password={{password}}

    stop-at-first-match: true
    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - admin

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'index\.htm\?_([0-9]+)'

      - type: status
        status:
          - 200
# digest: 490a0046304402200b84c8645798a4b44fb14f8d5ba60b5bd14f60d9692fe653c231d334493f9ddd022006a92f2dcb02a55a42e4ada8b6b2d0f137cd0d39c8c6f9965d0e25a0e55e6145:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/default-logins/ruijie/ruijie-nbr-default-login.yaml"

View on Github