admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: CVE-2022-23178

Browse Source
This commit is contained in:
gaopeng2 2022-03-30 15:31:46 +08:00
parent e4ddef46a6
commit 5d660a6a25
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Crestron/CVE-2022-23178/Crestron_Hd_Md4X2_Credential_Disclosure_CVE_2022_23178.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.2 MiB

10
Crestron/CVE-2022-23178/README.md Normal file
View File

@ -0,0 +1,10 @@
# Crestron Hd-Md4X2 Credential Disclosure (CVE-2022-23178)
restron Hd-Md4X2-4K-E is a simple-to-use UHD signal switcher with four HDMI inputs and two HDMI outputs from Crestron, USA.Crestron Hd-Md4X2-4K-E has an information disclosure vulnerability, attackers can obtain WEB user login credentials and further control the system.
FOFA **query rule**: [body="js/top.js" && body="document.onmousedown = ReCalculate;"](https://fofa.info/result?qbase64=Ym9keT0ianMvdG9wLmpzIiAmJiBib2R5PSJkb2N1bWVudC5vbm1vdXNlZG93biA9IFJlQ2FsY3VsYXRlOyI%3D)
# Demo
![MCMS_5_2_4_Arbitrary_File_Upload](MCMS_5_2_4_Arbitrary_File_Upload.gif)