mirror of https://github.com/qwqdanchun/Goby.git
153 lines
5.2 KiB
JSON
153 lines
5.2 KiB
JSON
{
|
||
"Name": "腾达路由器 setusbunload 命令执行漏洞 (CVE-2020-10987)",
|
||
"Description": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">Tenda AC15 AC1900是中国腾达(Tenda)公司的一款无线路由器。</span><br></p><p>Tenda AC15 AC1900 版本 15.03.05.19 的 goform/setUsbUnload 端点允许远程攻击者通过 deviceName POST 参数执行任意系统命令。</p>",
|
||
"Product": "Tenda-router",
|
||
"Homepage": "http://www.tenda.com",
|
||
"DisclosureDate": "2020-07-13",
|
||
"Author": "mahui@gobies.org",
|
||
"FofaQuery": "body=\"img/main-logo.png\" && body=\"lang/b28n_async.js\" ",
|
||
"GobyQuery": "body=\"img/main-logo.png\" && body=\"lang/b28n_async.js\" ",
|
||
"Level": "3",
|
||
"Impact": "<p><span style=\"color: var(--primaryFont-color);\">Tenda AC15 AC1900 15.03.05.19版本中的goform/setUsbUnload端点存在安全漏洞。远程攻击者可借助'deviceName'POST参数利用该漏洞执行任意系统命令。</span><br></p>",
|
||
"Recommendation": "<p>升级至最新版本,官网地址:<a href=\"http://www.tenda.com\">http://www.tenda.com</a><br></p>",
|
||
"Translation": {
|
||
"CN": {
|
||
"Name": "腾达路由器 setusbunload 命令执行漏洞 (CVE-2020-10987)",
|
||
"Product": "Tenda-router",
|
||
"Description": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">Tenda AC15 AC1900是中国腾达(Tenda)公司的一款无线路由器。</span><br></p><p>Tenda AC15 AC1900 版本 15.03.05.19 的 goform/setUsbUnload 端点允许远程攻击者通过 deviceName POST 参数执行任意系统命令。</p>",
|
||
"Recommendation": "<p>升级至最新版本,官网地址:<a href=\"http://www.tenda.com\">http://www.tenda.com</a><br></p>",
|
||
"Impact": "<p><span style=\"color: var(--primaryFont-color);\">Tenda AC15 AC1900 15.03.05.19版本中的goform/setUsbUnload端点存在安全漏洞。远程攻击者可借助'deviceName'POST参数利用该漏洞执行任意系统命令。</span><br></p>",
|
||
"VulType": [
|
||
"命令执行"
|
||
],
|
||
"Tags": [
|
||
"命令执行"
|
||
]
|
||
},
|
||
"EN": {
|
||
"Name": "Tenda router setusbunload RCE (CVE-2020-10987)",
|
||
"Product": "Tenda-router",
|
||
"Description": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">Tenda AC15 AC1900 is a wireless router from China Tenda Company. </span><br></p><p>The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.</p>",
|
||
"Recommendation": "<p>Upgrade to the latest version, the official website address: <a href=\"http://www.tenda.com\">http://www.tenda.com</a><br></p>",
|
||
"Impact": "<p>A security vulnerability exists in the goform/setUsbUnload endpoint in Tenda AC15 AC1900 version 15.03.05.19. A remote attacker could exploit this vulnerability to execute arbitrary system commands with the help of the 'deviceName' POST parameter.</p>",
|
||
"VulType": [
|
||
"rce"
|
||
],
|
||
"Tags": [
|
||
"rce"
|
||
]
|
||
}
|
||
},
|
||
"References": [
|
||
"https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68",
|
||
"https://www.ise.io/research/",
|
||
"https://nvd.nist.gov/vuln/detail/CVE-2020-10987",
|
||
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10987"
|
||
],
|
||
"HasExp": true,
|
||
"ExpParams": [
|
||
{
|
||
"name": "cmd",
|
||
"type": "input",
|
||
"value": "ls"
|
||
}
|
||
],
|
||
"ExpTips": {
|
||
"Type": "",
|
||
"Content": ""
|
||
},
|
||
"ScanSteps": [
|
||
"AND",
|
||
{
|
||
"Request": {
|
||
"method": "GET",
|
||
"uri": "/test.php",
|
||
"follow_redirect": true,
|
||
"header": {},
|
||
"data_type": "text",
|
||
"data": ""
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
},
|
||
{
|
||
"type": "item",
|
||
"variable": "$body",
|
||
"operation": "contains",
|
||
"value": "test",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": []
|
||
}
|
||
],
|
||
"ExploitSteps": [
|
||
"AND",
|
||
{
|
||
"Request": {
|
||
"method": "GET",
|
||
"uri": "/test.php",
|
||
"follow_redirect": true,
|
||
"header": {},
|
||
"data_type": "text",
|
||
"data": ""
|
||
},
|
||
"ResponseTest": {
|
||
"type": "group",
|
||
"operation": "AND",
|
||
"checks": [
|
||
{
|
||
"type": "item",
|
||
"variable": "$code",
|
||
"operation": "==",
|
||
"value": "200",
|
||
"bz": ""
|
||
},
|
||
{
|
||
"type": "item",
|
||
"variable": "$body",
|
||
"operation": "contains",
|
||
"value": "test",
|
||
"bz": ""
|
||
}
|
||
]
|
||
},
|
||
"SetVariable": []
|
||
}
|
||
],
|
||
"Tags": [
|
||
"命令执行"
|
||
],
|
||
"VulType": [
|
||
"命令执行"
|
||
],
|
||
"CVEIDs": [
|
||
"CVE-2020-10987",
|
||
"CVE-2018-14558"
|
||
],
|
||
"CVSSScore": "9.8",
|
||
"AttackSurfaces": {
|
||
"Application": null,
|
||
"Support": null,
|
||
"Service": null,
|
||
"System": null,
|
||
"Hardware": [
|
||
"router"
|
||
]
|
||
},
|
||
"CNNVD": [
|
||
"CNNVD-202007-564"
|
||
],
|
||
"CNVD": [
|
||
"CNVD-2020-41513"
|
||
]
|
||
} |