Skip to content

Add CVE-2019-3980 SolarWinds Dameware RCE detection template #14304

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
KrE80r wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add CVE-2019-3980 SolarWinds Dameware RCE detection template #14304

KrE80r wants to merge 1 commit into from
+51 −0

Conversation

@KrE80r
Copy link
Contributor

@KrE80r KrE80r commented Dec 9, 2025
edited
Loading

/claim #14297

Summary

Add TCP detection template for CVE-2019-3980 (SolarWinds Dameware Mini Remote Control RCE)

Verification

$ nuclei -t network/cves/2019/CVE-2019-3980.yaml -u 192.168.122.140:6129 -debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.5.1

                projectdiscovery.io

[INF] Current nuclei version: v3.5.1 (outdated)
[INF] Current nuclei-templates version: v10.3.5 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 57
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [CVE-2019-3980] Dumped Network request for 192.168.122.140:6129
00000000  30 11 00 00 00 00 00 00  00 00 00 00 00 00 28 40  |0.............(@|
00000010  00 00 00 00 00 00 00 00  04 00 00 00 00 00 00 00  |................|
00000020  00 00 00 00 03 00 00 00                           |........| address=192.168.122.140:6129
[CVE-2019-3980:binary-1] [tcp] [critical] 192.168.122.140:6129
[DBG] [CVE-2019-3980] Dumped Network response for 192.168.122.140:6129

00000000  30 11 00 00 00 00 00 00  00 00 00 00 00 00 2c 40  |0.............,@|
00000010  00 00 00 00 00 00 00 00  03 00 00 00 01 00 00 00  |................|
00000020  00 00 00 00 1e 00 00 00  71 11 01 00 e0 34 00 00  |........q....4..|
00000030  31 00 32 00 2f 00 30 00  39 00 2f 00 32 00 35 00  |1.2./.0.9./.2.5.|
00000040  2d 00 30 00 31 00 3a 00  35 00 34 00 3a 00 35 00  |-.0.1.:.5.4.:.5.|
00000050  31 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |1...............|
00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000070  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000080  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000090  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000100  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000110  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000130  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000140  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000150  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000160  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000170  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000190  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000210  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000220  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000230  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000240  00 00 00 00 2f 4f c8 33  ff c3 bc b4 00 5b d9 a0  |..../O.3.....[..|
00000250  7f f4 92 14 a5 e3 0f 57  4b 47 0a ea 74 73 2d c2  |.......WKG..ts-.|
00000260  99 32 d3 98 75 6c 2b 64  4f 3e f5 57 49 4a 37 42  |.2..ul+dO>.WIJ7B|
00000270  9d 37 a1 d9 95 07 df e2  2f de 23 9b 58 7f 28 65  |.7....../.#.X.(e|
00000280  bc 52 d0 a6 42 b1 65 30  95 c1 b8 e7 63 c5 6b e5  |.R..B.e0....c.k.|
00000290  43 13 12 ee b1 a7 46 a9  77 a7 0d 96 e7 d7 1c d9  |C.....F.w.......|
000002a0  ef 2c a9 98 74 86 2d c6  bb 9a 76 6f c0 e2 71 10  |.,..t.-...vo..q.|
000002b0  3e 8e f1 f7 2a 12 98 99  d2 dc 8a 62 02 4b bc 92  |>...*......b.K..|
000002c0  bd e7 c4 6a 03 d4 33 5f  23 44 7e 71 e1 a5 d2 0e  |...j..3_#D~q....|
000002d0  e4 64 03 26 8f f7 10 25  7b bf 0c 2d bd d2 4f 34  |.d.&...%{..-..O4|
000002e0  92 dd 26 1a ba fb c9 dd  42 e2 95 39 1b 2f 58 71  |..&.....B..9./Xq|
000002f0  8f 19 fb f1 0a f2 c6 1c  74 a9 7c 26 18 86 4c a9  |........t.|&..L.|
00000300  28 71 d8 e3 fd af c9 b2  9b c0 fb 43 f7 27 63 a8  |(q.........C.'c.|
00000310  7c 31 65 44 df 76 dc db  a5 26 72 2a b5 a2 48 1e  ||1eD.v...&r*..H.|
00000320  af 8a bd ed f1 b4 ba 95  5d 29 a3 6e ea ad a2 46  |........]).n...F|
00000330  3c bf c1 85 18 a2 c8 db  3c cd de 0b 70 81 de 51  |<.......<...p..Q|
00000340  7c a0 87 77 5a c4 7e 77  11 12 bf 2d 92 93 a7 8f  ||..wZ.~w...-....|
00000350  87 c4 89 49 f0 9f b8 1c  47 de 83 03 4b 9c 57 b5  |...I....G...K.W.|
00000360  74 5a ce 15 50 e0 b0 86  fa 4c 8a de 34 59 ac 22  |tZ..P....L..4Y."|
00000370  3c 39 9d 54 b0 e8 40 19  83 6b 13 0b 1d b7 a1 a8  |<[email protected]......|
00000380  64 77 f4 ff 49 01 de 29  29 e5 b7 d2 a4 3f 51 a2  |dw..I..))....?Q.|
00000390  f2 8c 77 c5 09 d9 36 f4  60 e9 67 b9 39 b2 4e 8e  |..w...6.`.g.9.N.|
000003a0  d1 b7 8d c0 04 0d 77 41  40 b3 48 9e 7b 3c d0 2d  |[email protected].{<.-|
000003b0  f4 a7 26 6f 6b a7 3b e0  47 c4 3d d4 f1 29 80 f7  |..&ok.;.G.=..)..|
000003c0  03 79 fa e3 b0 a0 8f 6a  76 78 cc a8 94 35 cb ed  |.y.....jvx...5..|
000003d0  53 a4 0e 0f df b7 d8 34  d5 0c 8f 36 38 47 8f 5e  |S......4...68G.^|
000003e0  9a 43 da b3 2c 41 59 04  cc e9 bc b9 d8 36 55 9c  |.C..,AY......6U.|
000003f0  31 56 c3 c5 9c 1d 4e 14  92 d8 5b e7 2f 8f 91 db  |1V....N...[./...|
00000400  0f e2 58 1e 91 05 8d c2  6a 91 c8 1c 3b 9d ab d0  |..X.....j...;...|
00000410  e3 42 7a a1 ee be ca a5  59 b8 c1 2d 26 f1 2f e3  |.Bz.....Y..-&./.|
00000420  ff ae e7 0b be cf 06 71  c2 db df ba 63 9c 4e 6e  |.......q....c.Nn|
00000430  4f 44 9d c3 9d 94 a8 66  31 97 41 f8 4f f2 4d 41  |OD.....f1.A.O.MA|
00000440  9c 7a 28 e0 32 6d d1 5f  ab c0 27 61 fa 14 05 53  |.z(.2m._..'a...S|
00000450  c8 f0 62 53 d2 f4 02 ee  eb 47 41 2e 7d 64 7e 8e  |..bS.....GA.}d~.|
00000460  59 31 86 d8 85 0f 99 f3  bc 36 dc f2 96 ef 36 63  |Y1.......6....6c|
00000470  26 c8 a6 7f d0 3a 9c d6  44 54 c1 8d 6d f7 64 00  |&....:..DT..m.d.|
00000480  9f 46 10 a2 e1 15 6e 1e  1e 7b 5e f3 ce 43 eb b7  |.F....n..{^..C..|
00000490  06 20 bf 94 8c 22 20 32  2b c6 d2 75 a5 c4 f0 59  |. ..." 2+..u...Y|
000004a0  ff 7f 80 ef 25 09 10 df  06 d3 53 a5 35 1b 4e bf  |....%.....S.5.N.|
000004b0  13 6d fd 47 b0 14 cd 5c  ea 8b b1 5a 26 27 3a 0a  |.m.G...\...Z&':.|
000004c0  6c c9 70 86 80 f9 1c 5b  35 85 24 e9 f1 20 37 84  |l.p....[5.$.. 7.|
000004d0  c3 f6 b2 b8 9d 02 a7 08  a5 43 cb 5c 7d e7 d8 1e  |.........C.\}...|
000004e0  49 6c 73 af 6e c7 31 ee  11 11 f4 2b a4 cd 06 c0  |Ils.n.1....+....|
000004f0  ee e3 ca 22 06 fd 20 d9  16 57 a5 51 b7 fe e7 a7  |...".. ..W.Q....|
00000500  1e 3e b9 9e e3 9d 41 c3  b2 6b c9 5d 0a 47 b2 ed  |.>....A..k.].G..|
00000510  3a da f6 bf b9 68 bf 57  bc 53 8f d2 35 0c 1c f3  |:....h.W.S..5...|
00000520  33 19 40 51 05 5b e6 ec  a8 9c df fc 91 6b 4b a6  |3.@Q.[.......kK.|
00000530  70 13 d1 fc 71 f3 c9 43  19 70 57 7f e0 ea 65 af  |p...q..C.pW...e.|
00000540  29 54 4c f3 11 8e b3 7a  67 26 0f 85 3c cb d9 b9  |)TL....zg&..<...|
00000550  4f dc 61 f3 93 90 d8 52  f3 15 b9 bf 1a 26 ad b4  |O.a....R.....&..|
00000560  44 7d 72 ca 06 aa 9a 1c  c8 cb 50 50 b4 2e 38 d2  |D}r.......PP..8.|
00000570  a7 d0 2a f8 17 f2 12 fa  e6 5b 99 27 fd cb a9 8a  |..*......[.'....|
00000580  03 87 e2 bd 6d 01 e6 7d  c2 f8 ac 0f f6 f7 5c 64  |....m..}......\d|
00000590  04 41 80 3f 7a 41 99 45  9e 20 5c 8c f0 f0 b5 e2  |.A.?zA.E. \.....|
000005a0  a2 46 8d 45 f7 b2 17 98  a1 60 86 fa 9f 39 29 45  |.F.E.....`...9)E|
000005b0  0b e1 b5 6d 08 a9 15 32  e5 c6 5c 51 4c 08 8d d3  |...m...2..\QL...|
000005c0  ea b5 57 43 00 3a 8c dc  6c e0 28 83 25 72 24 0e  |..WC.:..l.(.%r$.|
000005d0  b5 70 53 67 4c d5 b6 7c  c4 23 60 31 a8 af 95 89  |.pSgL..|.#`1....|
000005e0  98 87 ee a8 44 7e 5a 13  b1 4d 32 25 c8 5f c7 a1  |....D~Z..M2%._..|
000005f0  b3 67 c3 db 7e 63 3a 4f  29 ad c8 86 be 8d 55 c7  |.g..~c:O).....U.|
00000600  e7 47 a1 04 3d 68 8e 8d  6e fb bd ba 91 82 3d c7  |.G..=h..n.....=.|
00000610  d7 90 bc a2 d8 7f cd 72  01 cd 76 d0 64 44 51 bb  |.......r..v.dDQ.|
00000620  47 ee e4 6a 42 b0 cd 37  d8 f6 be cc 87 3c 28 78  |G..jB..7.....<(x|
00000630  cb 43 eb 0b 5b 56 5a 80  db f1 29 3a 6d 77 d9 56  |.C..[VZ...):mw.V|
00000640  92 0b aa ff 66 17 73 c6  6a f6 0e 78 17 d3 56 d2  |....f.s.j..x..V.|
00000650  43 a0 8d 87 03 3e ac 07  25 60 f8 56 25 b7 ac 3b  |C....>..%`.V%..;|
00000660  c5 8c 7a c0 6b 7c ec ea  b6 0f 94 20 41 fe 7a 19  |..z.k|..... A.z.|
00000670  46 e4 a5 f0 ab d3 84 7d  73 d3 2b f8 a7 9c 7f 68  |F......}s.+....h|
00000680  c7 c9 09 98 0d ec 3c ac  2e a4 f2 fd 54 46 14 7c  |......<.....TF.||
00000690  6c f4 62 ae 79 f5 e1 4f  e6 b9 9f 24 61 8c f6 7a  |l.b.y..O...$a..z|
000006a0  e1 c7 f0 05 f9 ac 09 f7  97 05 50 d2 22 7d cd 91  |..........P."}..|
000006b0  c0 37 c2 bb 7a 2c ed 97  12 6c c5 21 44 27 d8 18  |.7..z,...l.!D'..|
000006c0  2b 6b fe 63 ce fc a5 c0  2e 77 cc 87 3d 0b bc c5  |+k.c.....w..=...|
000006d0  ff 47 c5 c2 9a 0f 7a 7c  1b cc d6 f6 e7 29 7a 72  |.G....z|.....)zr|
000006e0  75 f6 3b 4c 41 a6 cf d0  41 24 87 e5 76 a8 a4 d9  |u.;LA...A$..v...|
000006f0  28 10 89 3c 5f 79 3d 3b  6c b6 fe 7e 77 ae 9c eb  |(..<_y=;l..~w...|
00000700  6a db 61 83 6d cd 0c 6e  19 d3 dd 9b 00 7d 59 59  |j.a.m..n.....}YY|
00000710  7a c8 23 70 db 72 4c be  7d fb 1d 45 99 70 32 aa  |z.#p.rL.}..E.p2.|
00000720  20 47 5e c1 5d d0 3e d2  a0 1e 55 0b 0b 9e c7 6a  | G^.].>...U....j|
00000730  83 12 45 29 78 a3 b4 c6  d0 26 d3 18 4b d9 36 dc  |..E)x....&..K.6.|
00000740  d4 c1 80 bb 00 1f 23 8c  56 c7 26 bf 67 8f 5e b7  |......#.V.&.g.^.|
00000750  13 f1 e2 74 e9 3b ab 65  4a 52 b6 94 58 7e 81 94  |...t.;.eJR..X~..|
00000760  c1 e8 a4 f5 36 e1 3d 35  ac 6b f0 f8 e8 84 a0 47  |....6.=5.k.....G|
00000770  a4 fa 39 89 69 a0 4c 31  f7 c3 5e b5 59 02 3b d5  |..9.i.L1..^.Y.;.|
00000780  8a 2a ba 2a 78 be fb 8a  59 48 e6 f2 84 3c 78 aa  |.*.*x...YH...<x.|
00000790  f6 4d 08 a8 ac 0b 37 40  21 82 2b b8 02 48 fe b6  |.M....7@!.+..H..|
000007a0  67 ad 00 09 bf bb bb 16  4f 51 7c 66 c2 ab d6 18  |g.......OQ|f....|
000007b0  10 14 95 b8 e3 77 55 9b  80 12 aa 87 83 f9 5f 4f  |.....wU......._O|
000007c0  5b 23 28 be d3 44 2f a3  7d 5b 72 b0 66 51 4b f5  |[#(..D/.}[r.fQK.|
000007d0  95 63 c5 cb b2 17 fc fa  61 ce b3 64 64 2f 6b 0a  |.c......a..dd/k.|
000007e0  24 34 d5 03 a2 4f d0 55  ac 25 b3 dd 0e 28 2a 9f  |$4...O.U.%...(*.|
000007f0  48 10 85 99 de 42 86 df  cb f3 43 62 0a 6f e6 16  |H....B....Cb.o..|
00000800  0a 08 4f 64 12 c9 62 aa  9b 63 8a 74 28 c4 62 dc  |..Od..b..c.t(.b.|
00000810  29 4d 73 e3 07 5f 14 59  4f a0 63 11 13 60 4c 44  |)Ms.._.YO.c..`LD|
00000820  bf ea a3 8c 28 0a c0 bd                           |....(...|
[INF] Scan completed in 1.15353982s. 1 matches found.

Matched bytes at offset 0x28: 71 11 01 00 = MSG_CLIENT_INFORMATION_V7 (0x00011171)

Test plan

  • Syntax validation passes
  • True positive: Dameware 12.1.0.89 on Windows VM
  • False positive: Does not match SSH, HTTP, or closed ports

@algora-pbc algora-pbc bot mentioned this pull request Dec 9, 2025
Open
@github-actions github-actions bot requested a review from ritikchaddha December 9, 2025 09:59
@theamanrawat
Copy link
Contributor

theamanrawat commented Dec 10, 2025

Hi @KrE80r ,

Thank you so much for sharing this template with the community and contributing to this project 🍻

If you believe the template is correct, please send a vulnerable lab environment to [email protected].

@KrE80r
Copy link
Contributor Author

KrE80r commented Dec 10, 2025

hi @theamanrawat shared the details via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ritikchaddha ritikchaddha Awaiting requested review from ritikchaddha

Assignees

@pussycat0x pussycat0x

Labels

🙋 Bounty claim waiting for more info

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@KrE80r @theamanrawat @pussycat0x