Goby/json/HD-Network-Real-time-Monito...

{
"Name": "HD-Network Real-time Monitoring System 2.0 Local File Inclusion (CVE-2021-45043)",
"Description": "<p>HD-Network Real-time Monitoring System 2.0 is a real-time network monitoring product.</p><p>HD-Network Real-time Monitoring System 2.0 has a local file inclusion (LFI) vulnerability. Attackers can obtain sensitive user information such as passwords to further control the system.</p>",
"Product": "HD-Network Real-time Monitoring System 2.0",
"Homepage": "https://www.zkteco.com",
"DisclosureDate": "2021-12-01",
"Author": "1291904552@qq.com",
"FofaQuery": "body=\"zkt_input_s\"",
"GobyQuery": "body=\"zkt_input_s\"",
"Level": "2",
"Impact": "<p>HD-Network Real-time Monitoring System 2.0 has a local file inclusion (LFI) vulnerability. Attackers can obtain sensitive user information such as passwords to further control the system.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.zkteco.com\">https://www.zkteco.com</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "HD-Network Real-time Monitoring System 2.0 本地文件包含漏洞CVE-2021-45043",
"VulType": ["文件包含"],
"Tags": ["文件包含"],
"Description": "<p>HD-Network Real-time Monitoring System 2.0 是一款实时的网络监控产品。</p><p>HD-Network Real-time Monitoring System 2.0 存在本地文件包含 (LFI) 漏洞,攻击者可获取密码等用户敏感信息进一步控制系统。</p>",
"Impact": "<p>HD-Network Real-time Monitoring System 2.0 存在本地文件包含 (LFI) 漏洞,攻击者可获取密码等用户敏感信息进一步控制系统。</p>",
"Product": "HD-Network Real-time Monitoring System 2.0",
"Recommendation": "<p>厂商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://www.zkteco.com\">https://www.zkteco.com</a></p><p>1、通过防火墙等安全设备设置访问策略设置白名单访问。</p><p>2、如非必要禁止公网访问该系统。</p>"
},
"EN": {
"Name": "HD-Network Real-time Monitoring System 2.0 Local File Inclusion (CVE-2021-45043)",
"VulType": ["file-read"],
"Tags": ["file-read"],
"Description": "<p>HD-Network Real-time Monitoring System 2.0 is a real-time network monitoring product.</p><p>HD-Network Real-time Monitoring System 2.0 has a local file inclusion (LFI) vulnerability. Attackers can obtain sensitive user information such as passwords to further control the system.</p>",
"Impact": "<p>HD-Network Real-time Monitoring System 2.0 has a local file inclusion (LFI) vulnerability. Attackers can obtain sensitive user information such as passwords to further control the system.</p>",
"Product": "HD-Network Real-time Monitoring System 2.0",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.zkteco.com\">https://www.zkteco.com</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2021/CVE-2021-45043.yaml"
],
"HasExp": true,
"ExpParams": [
{
"name": "filepath",
"type": "input",
"value": "../../../../../../../../../../../../../../etc/passwd"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"file-read"
],
"VulType": [
"file-read"
],
"CVEIDs": [
"CVE-2021-45043"
],
"CVSSScore": "7.0",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"CNNVD": [
""
],
"CNVD": [
""
]
}