
CVE-2022-23178 PoC — Crestron Hd-Md4X2-4K-E Authorization Issue Vulnerability

Associated Vulnerability
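Title: Crestron Hd-Md4X2-4K-E Authorization Issue Vulnerability (CVE-2022-23178)
Description: Crestron Hd-Md4X2-4K-E is an easy-to-use ultra-high-definition signal switcher from the US company Crestron, with four HDMI inputs and two HDMI outputs. Crestron HD-MD4X2-4K-E 1.0.0.2159 contains a security vulnerability: when an unauthenticated attacker accesses the administrative web interface of the Crestron HDMI switcher, user credentials that are valid for authenticating to the web interface are disclosed.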
Description
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.
File Snapshot

id: CVE-2022-23178 info: name: Crestron Device - Credentials Disclosure author: gy741 severit ...