ET WEB_SPECIFIC_APPS Totolink CP450 Information Disclosure via product.ini (CVE-2024-7332)

SID: 2056216Rev: 11 views
History
Sourceet/open
CreatedSeptember 27, 2024
UpdatedSeptember 27, 2024
Classificationattempted-recon
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Totolink CP450 Information Disclosure via product.ini (CVE-2024-7332)"; flow:established,to_server; http.method; content:"GET"; http.uri; bsize:29; content:"/web_cste/cgi-bin/product.ini"; fast_pattern; reference:url,github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-7332.yaml; reference:cve,2024-7332; classtype:attempted-recon; sid:2056216; rev:1; metadata:affected_product TOTOLINK, attack_target Networking_Equipment, tls_state plaintext, created_at 2024_09_27, cve CVE_2024_7332, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_09_27, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery; target:dest_ip;)

References

urlgithub.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-7332.yaml
cve2024-7332

Metadata

affected productTOTOLINK
attack targetNetworking_Equipment
tls stateplaintext
created at2024_09_27
deploymentInternal
performance impactLow
confidenceHigh
signature severityMajor
updated at2024_09_27
mitre tactic idTA0007
mitre tactic nameDiscovery
mitre technique idT1082
mitre technique nameSystem_Information_Discovery

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!