id: CVE-2020-9047
info:
  name: exacqVision Web Service RCE
  risk: High

params:
  - root: '{{.BaseURL}}'
  
variables:
requests: 
  - method: GET
    url: >-
      {{.root}}/version.web
    headers:
      - User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3984.0 Safari/537.36
    detections:
      - >-
        StatusCode() == 200 && (StringSearch("resBody", "3.10.4.72058") || StringSearch("resBody", "3.12.4.76544") || StringSearch("resBody", "3.8.2.67295") || StringSearch("resBody", "7.0.2.81005") || StringSearch("resBody", "7.2.7.86974") || StringSearch("resBody", "7.4.3.89785") || StringSearch("resBody", "7.6.4.94391") || StringSearch("resBody", "7.8.2.97826") || StringSearch("resBody", "8.0.6.105408") || StringSearch("resBody", "8.2.2.107285") || StringSearch("resBody", "8.4.3.111614") || StringSearch("resBody", "8.6.3.116175") || StringSearch("resBody", "8.8.1.118913") || StringSearch("resBody", "9.0.3.124620") || StringSearch("resBody", "9.2.0.127940") || StringSearch("resBody", "9.4.3.137684") || StringSearch("resBody", "9.6.7.145949") || StringSearch("resBody", "9.8.4.149166") || StringSearch("resBody", "19.03.3.152166") || StringSearch("resBody", "19.06.4.157118") || StringSearch("resBody", "19.09.4.0") || StringSearch("resBody", "19.12.2.0") || StringSearch("resBody", "20.03.2.0") || StringSearch("resBody", "20.06.3.0"))

references:
  - https://www.cvebase.com/cve/2020/9047