.. / CVE-2022-23178

Exploit for Crestron Device - Credentials Disclosure (CVE-2022-23178)

Description:

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.

Nuclei Template

View the template here CVE-2022-23178.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-23178.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-23178
https://de.crestron.com/Products/Video/HDMI-Solutions/HDMI-Switchers/HD-MD4X2-4K-E
https://github.com/Threekiii/Awesome-POC
https://www.redteam-pentesting.de/advisories/rt-sa-2021-009
https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-009/-credential-disclosure-in-web-interface-of-crestron-device

.. / CVE-2022-23178 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Crestron Device - Credentials Disclosure (CVE-2022-23178)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2022-23178