mirror of https://github.com/qwqdanchun/Goby.git
43 lines
1.3 KiB
JSON
43 lines
1.3 KiB
JSON
|
{
|
|||
|
|
"Name": "Topsec Firewall telnet default account",
|
|||
|
|
"Description": "天融信防火墙telnet默认口令,攻击者可利用默认口令登录telnet,并执行设备配置命令,甚至控制整个设备。",
|
|||
|
|
"Product": "Topsec-Firewall",
|
|||
|
|
"Homepage": "https://www.topsec.com.cn/",
|
|||
|
|
"DisclosureDate": "2020-08-11",
|
|||
|
|
"Author": "itardc@163.com",
|
|||
|
|
"FofaQuery": "app=\"TOPSEC-Firewall\"",
|
|||
|
|
"GobyQuery": "",
|
|||
|
|
"Level": "3",
|
|||
|
|
"Impact": "天融信防火墙telnet默认口令,攻击者可利用superman:talent口令登录telnet,并执行设备配置命令,甚至控制整个设备。",
|
|||
|
|
"Recommendation": "修改默认口令,密码最好包含大小写字母、数字和特殊字符等且位数大于8位;如非必要,禁止公网访问该设备;白名单限制可访问IP。",
|
|||
|
|
"References": [
|
|||
|
|
"https://fofa.so"
|
|||
|
|
],
|
|||
|
|
"HasExp": true,
|
|||
|
|
"ExpParams": [
|
|||
|
|
{
|
|||
|
|
"name": "cmd",
|
|||
|
|
"type": "input",
|
|||
|
|
"value": "show-running"
|
|||
|
|
}
|
|||
|
|
],
|
|||
|
|
"ExpTips": {
|
|||
|
|
"Type": "",
|
|||
|
|
"Content": ""
|
|||
|
|
},
|
|||
|
|
"ScanSteps": null,
|
|||
|
|
"ExploitSteps": null,
|
|||
|
|
"Tags": [
|
|||
|
|
"defaultaccount"
|
|||
|
|
],
|
|||
|
|
"CVEIDs": null,
|
|||
|
|
"CVSSScore": null,
|
|||
|
|
"AttackSurfaces": {
|
|||
|
|
"Application": null,
|
|||
|
|
"Support": null,
|
|||
|
|
"Service": null,
|
|||
|
|
"System": null,
|
|||
|
|
"Hardware": ["TOPSEC-Firewall"]
|
|||
|
|
},
|
|||
|
|
"Disable": false
|
|||
|
|
}
|