From c89f4892bfd0f79293d53c3337b9c356a5a2e27f Mon Sep 17 00:00:00 2001
From: paulino <paulino@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Thu, 31 Jan 2019 21:06:59 +0000
Subject: [PATCH] Adds attack signature for CVE-2019-1653. Closes #1446

---
 nselib/data/http-fingerprints.lua | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/nselib/data/http-fingerprints.lua b/nselib/data/http-fingerprints.lua
index af893bfb0..19f19f744 100644
--- a/nselib/data/http-fingerprints.lua
+++ b/nselib/data/http-fingerprints.lua
@@ -7186,6 +7186,25 @@ table.insert(fingerprints, {
     }
   });
 
+table.insert(fingerprints, {
+    category = 'attacks',
+    probes = {
+      {
+        path = '/cgi-bin/export_debug_msg.exp',
+        method = 'GET'
+      },
+      {
+        path = '/cgi-bin/config.exp',
+        method = 'GET'
+      }
+    },
+    matches = {
+      {
+        match = '200 OK',
+        output = 'Cisco RV320/RV325 Unauthenticated Diagnostic Data & Configuration Export (CVE-2019-1653)'
+      }
+    }
+  });
 ------------------------------------------------
 ----        Open Source CMS checks          ----
 ------------------------------------------------