id: motive-eim-panel

info:
  name: Motive eSIM Secure Connect Panel - Exposure Detection
  author: miguelse
  severity: high
  description: |
    Detects exposed Motive eSIM Secure Connect (EIM) panels used for managing eSIM/iSIM provisioning. Public access to these interfaces may allow attackers to view or interact with sensitive operations such as EID management and bulk provisioning, leading to information disclosure or unauthorized control over IoT/mobile connectivity services.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
    cvss-score: 8.6
    cwe-id: CWE-200
  reference:
    - https://motive.com/eim
  metadata:
    verified: true
    max-request: 1
    vendor: motive_software_solutions
    product: motive_esim
    google-query:
      - inurl:"bulk-profile-operation"
      - inurl:"eid-management"
      - inurl:"eid-management-new"
  tags: panel,motive,eim,esim,iot

http:
  - method: GET
    path:
      - '{{BaseURL}}/eIMConfiguration'
      - '{{BaseURL}}/eid-management'
      - '{{BaseURL}}/eid-management-new'
      - '{{BaseURL}}/bulk-profile-operation'

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - <title>EIM</title>

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100b98214929a3b458ef31caaf2e9a66f1400aa55a398ea195d5719f9f352ba883b022100adf826844cc8b9ad8c7aed7eef86b2f473b1410fcffa1e004479b9cab065bea9:922c64590222798bb761d5b6d8e72950