From 4c9f86562a4e0fa584a58c86f08e233b2a4d61b0 Mon Sep 17 00:00:00 2001
From: nnposter
Date: Sun, 4 Dec 2016 17:46:36 +0000
Subject: [PATCH] Adds a fingerprint for Cisco EPC3925
---
 CHANGELOG | 2 +-
 .../http-default-accounts-fingerprints.lua | 30 +++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG b/CHANGELOG
index 7a187c325..588810383 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -36,7 +36,7 @@ o Added service probe and UDP payload for Quick UDP Internet Connection (QUIC),
 o [NSE] Enabled resolveall to run against any target provided as a hostname, so the resolveall.hosts script-arg is no longer required. [Daniel Miller]
-o [NSE] Updated fingerprints for script http-default-accounts with 19 new
+o [NSE] Updated fingerprints for script http-default-accounts with 20 new
 fingerprints. 4 fingerprints have been broadened to cover more variants. [nnposter]
diff --git a/nselib/data/http-default-accounts-fingerprints.lua b/nselib/data/http-default-accounts-fingerprints.lua
index d07fa8989..66a190c48 100644
--- a/nselib/data/http-default-accounts-fingerprints.lua
+++ b/nselib/data/http-default-accounts-fingerprints.lua
@@ -589,6 +589,36 @@ table.insert(fingerprints, {
 end
 })
 
+table.insert(fingerprints, {
+ -- Version ESIP-12-v302r125573-131230c_upc
+ name = "Cisco EPC3925",
+ category = "routers",
+ paths = {
+ {path = "/"}
+ },
+ target_check = function (host, port, path, response)
+ return response.status == 200
+ and response.body
+ and response.body:find("Docsis", 1, true)
+ and response.body:find('window%.location%.href%s*=%s*"Docsis_system%.asp";')
+ end,
+ login_combos = {
+ {username = "", password = ""}
+ },
+ login_check = function (host, port, path, user, pass)
+ local form = {username_login=user,
+ password_login=pass,
+ LanguageSelect="en",
+ Language_Submit="0",
+ login="Log In"}
+ local req = http_post_simple(host, port,
+ url.absolute(path, "goform/Docsis_system"),
+ nil, form)
+ local loc = req.header["location"] or ""
+ return req.status == 302 and loc:find("/Quick_setup%.asp$")
+ end
+})
+
 table.insert(fingerprints, {
 -- Version 1.0.1.3 on RT-N10U, RT-N66U
 name = "ASUS RT",
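Review bot: In `login_check` the success test (`req.status == 302` with a Location ending in `/Quick_setup.asp`) is undocumented, and the local named `req` actually holds the response from `http_post_simple`. Because a match is reported as a default-credentials finding, a maintainer needs to see how an accepted login differs from a rejected one to judge the false-positive risk. I would rename the local to `resp` and add a comment such as `-- accepted login: 302 to Quick_setup.asp (seen on ESIP-12-v302r125573-131230c_upc)`. What the device returns for a rejected login is not visible in this hunk and would be worth recording next to it. A short comment on the empty `login_combos` entry, stating that it reflects a device with no credentials configured (if that is the intent), would also help.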