Skip to content

Commit 4de87fe

Browse files
committed
add: AVE-2021-0004
1 parent ad6f813 commit 4de87fe

1 file changed

Lines changed: 30 additions & 0 deletions

File tree

vulns/2021/AVE-2021-0004.toml

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
[basic]
2+
description = "锐捷 RG-UAC 统一上网行为管理审计系统存在账号密码信息泄露漏洞。该系统某接口未做权限校验,远程攻击者无需认证即可直接访问该接口,获取返回的 JSON 数据中 super_admin 管理员账号与密码信息,进而登录后台获取系统控制权。攻击者可通过构造特制 HTTP GET 请求触发漏洞,利用难度低,无需交互,影响 RG-UAC 全系列受影响版本。"
3+
published = "2021-02-26"
4+
remediation = "联系锐捷官方获取修复该漏洞的最新 RG-UAC 固件版本并升级;如无法立即升级,应在边界防火墙上限制仅允许可信管理 IP 访问 RG-UAC 的 Web 管理端口(默认 443/80),同时修改默认 super_admin 密码并开启双因素认证作为临时缓解措施。"
5+
score = 5.0
6+
severity = "MEDIUM"
7+
sources = ["nuclei"]
8+
title = "锐捷 RG-UAC 统一上网行为管理审计系统账号密码信息泄露漏洞"
9+
updated = "2021-02-26"
10+
11+
[exploit]
12+
exp_urls = []
13+
poc_urls = ["https://github.com/S1xHcL/CNVD-2021-14536"]
14+
15+
[id]
16+
aliases = [
17+
"NUCLEI-HTTP-CNVD-2021-CNVD-2021-14536-YAML",
18+
"CNVD-2021-14536",
19+
]
20+
ave_id = "AVE-2021-0004"
21+
22+
[meta]
23+
collected_at = "2026-07-14T00:00:00Z"
24+
status = "completed"
25+
26+
[references]
27+
urls = [
28+
"https://github.com/1n7erface/PocList",
29+
"https://github.com/S1xHcL/CNVD-2021-14536",
30+
]

0 commit comments

Comments
 (0)