From a0df971ffed667207735596b3607533ecf2c179c Mon Sep 17 00:00:00 2001 From: Bretss <187307003+Bretss@users.noreply.github.com> Date: Wed, 28 Jan 2026 12:03:55 +0100 Subject: [PATCH 1/4] Added default creds checking nuclei template for gude 2301 and 2302 --- .../gude/gude-2301-2032-default-login.yaml | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 default-logins/gude/gude-2301-2032-default-login.yaml diff --git a/default-logins/gude/gude-2301-2032-default-login.yaml b/default-logins/gude/gude-2301-2032-default-login.yaml new file mode 100644 index 00000000000..9370406ece4 --- /dev/null +++ b/default-logins/gude/gude-2301-2032-default-login.yaml @@ -0,0 +1,29 @@ +id: gude-2031-2032-default-login + +info: + name: GUDE 2301 and 2302 Default Administrator Login + author: Bretss + severity: critical + description: GUDE 2301 and 2302 default administrator login credentials (admin:admin) were detected. + reference: + - https://media.distrelec.com/Web/Downloads/_m/an/Gude_2302-1_ger_man.pdf + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cwe-id: CWE-522 + tags: gude,default-login,vuln + +http: + - method: GET + path: + - "{{BaseURL}}/ov.html?" + + authorization: + type: basic + username: admin + password: admin + + matchers: + - type: status + status: + - 200 From bafd3d4fb991c423d5f425af9b413daf3e1f7f23 Mon Sep 17 00:00:00 2001 From: Bretss <187307003+Bretss@users.noreply.github.com> Date: Wed, 28 Jan 2026 12:25:49 +0100 Subject: [PATCH 2/4] Added default creds checking nuclei template for gude 2301 and 2302 - Fixed --- .../gude/gude-2301-2032-default-login.yaml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/default-logins/gude/gude-2301-2032-default-login.yaml b/default-logins/gude/gude-2301-2032-default-login.yaml index 9370406ece4..7ace6c1e0dd 100644 --- a/default-logins/gude/gude-2301-2032-default-login.yaml +++ b/default-logins/gude/gude-2301-2032-default-login.yaml @@ -8,9 +8,9 @@ info: reference: - https://media.distrelec.com/Web/Downloads/_m/an/Gude_2302-1_ger_man.pdf classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 - cwe-id: CWE-522 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cwe-id: CWE-522 tags: gude,default-login,vuln http: @@ -18,10 +18,8 @@ http: path: - "{{BaseURL}}/ov.html?" - authorization: - type: basic - username: admin - password: admin + headers: + Authorization: "Basic YWRtaW46YWRtaW4=" #admin:admin matchers: - type: status From f08a4bf1bebfcba30b45c79c05fd109fb174d287 Mon Sep 17 00:00:00 2001 From: Aman Rawat <35992750+theamanrawat@users.noreply.github.com> Date: Thu, 29 Jan 2026 13:36:08 +0530 Subject: [PATCH 3/4] Update --- ...-default-login.yaml => gude-default-login.yaml} | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) rename default-logins/gude/{gude-2301-2032-default-login.yaml => gude-default-login.yaml} (64%) diff --git a/default-logins/gude/gude-2301-2032-default-login.yaml b/default-logins/gude/gude-default-login.yaml similarity index 64% rename from default-logins/gude/gude-2301-2032-default-login.yaml rename to default-logins/gude/gude-default-login.yaml index 7ace6c1e0dd..19a31e6f9a8 100644 --- a/default-logins/gude/gude-2301-2032-default-login.yaml +++ b/default-logins/gude/gude-default-login.yaml @@ -1,9 +1,9 @@ -id: gude-2031-2032-default-login +id: gude-default-login info: - name: GUDE 2301 and 2302 Default Administrator Login + name: GUDE - Default Login author: Bretss - severity: critical + severity: high description: GUDE 2301 and 2302 default administrator login credentials (admin:admin) were detected. reference: - https://media.distrelec.com/Web/Downloads/_m/an/Gude_2302-1_ger_man.pdf @@ -11,7 +11,11 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L cvss-score: 8.3 cwe-id: CWE-522 - tags: gude,default-login,vuln + metadata: + max-request: 1 + shodan-query: http.html:"Expert Net Control" + fofa-query: body="Expert Net Control" + tags: gude,default-login http: - method: GET @@ -19,7 +23,7 @@ http: - "{{BaseURL}}/ov.html?" headers: - Authorization: "Basic YWRtaW46YWRtaW4=" #admin:admin + Authorization: "Basic YWRtaW46YWRtaW4=" matchers: - type: status From c5e3b644f4a5c6bc478c1db31ef8a6f21f1b9f33 Mon Sep 17 00:00:00 2001 From: Aman Rawat <35992750+theamanrawat@users.noreply.github.com> Date: Thu, 29 Jan 2026 13:38:12 +0530 Subject: [PATCH 4/4] Update gude-default-login.yaml --- default-logins/gude/gude-default-login.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/default-logins/gude/gude-default-login.yaml b/default-logins/gude/gude-default-login.yaml index 19a31e6f9a8..aacf4581c95 100644 --- a/default-logins/gude/gude-default-login.yaml +++ b/default-logins/gude/gude-default-login.yaml @@ -26,6 +26,8 @@ http: Authorization: "Basic YWRtaW46YWRtaW4=" matchers: - - type: status - status: - - 200 + - type: dsl + dsl: + - 'contains(body, "Control Panel")' + - 'status_code == 200' + condition: and