Add Synway SMG Gateway 9-2radius.php RCE template #15661

Merged
DhiyaneshGeek merged 3 commits into projectdiscovery:main from whatyourname12345:main
Mar 30, 2026

@whatyourname12345
Contributor

PR Information

  • Added Synway SMG Gateway 9-2radius.php RCE template.
  • This is an unauthenticated Remote Command Execution vulnerability in the Synway SMG Gateway management interface.
  • References:
    • https://mp.weixin.qq.com/s/82YETZ6RygEsdWqM1OESmQ

Template validation

  • Validated with a host running a vulnerable version and/or configuration (True Positive)
  • Validated with a host running a patched version and/or configuration (avoid False Positive)

Additional Details (leave it blank if not applicable)

  • FOFA Query: title="三汇SMG网关"
  • The template has been successfully validated using the raw HTTP POST method against a real target (Target IP has been redacted for security).
  • nuclei -validate runs without errors.

neo-by-projectdiscovery-dev bot commented Mar 23, 2026

Neo - Nuclei Template Review

High: 1

Current PR state: 1 high active finding.

Highlights

  • High: Template ID still does not match filename in http/vulnerabilities/synway/synway-smg-9-2radius-rce.yaml:1

High (1)

  • Template ID still does not match filename: http/vulnerabilities/synway/synway-smg-9-2radius-rce.yaml:1
    The template ID remains 'sanhuiSMG-9-2radius-rce' but the filename is 'synway-smg-9-2radius-rce.yaml'. This was flagged in the initial review but has not been addressed. According to Nuclei template guidelines, the ID must exactly match the filename (without .yaml extension).

Hardening Notes

  • Regex matcher changed from root:[^:]*:0:0: to root:.*:0:0: - both patterns successfully match valid /etc/passwd root entries, though the greedy .* quantifier has different matching behavior than the negated character class [^:]*

Comment @pdneo help for available commands. · Open in Neo
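
The two matcher patterns named in the hardening note above, compared on constructed response bodies with Go's regexp package (Nuclei is written in Go). This is an added example, not code from the pull request or from the Nuclei project; the `anchored` pattern, the `Verdicts` helper and all sample bodies are assumptions introduced for the comparison.

```go
package main

import (
	"fmt"
	"regexp"
)

// Patterns quoted in the review comment above.
var (
	negated = regexp.MustCompile(`root:[^:]*:0:0:`)
	greedy  = regexp.MustCompile(`root:.*:0:0:`)
	// Assumption: a line-anchored variant for comparison, not taken from the template.
	anchored = regexp.MustCompile(`(?m)^root:[^:\n]*:0:0:`)
)

// Constructed response bodies, not captured from any real host.
var samples = []struct{ name, body string }{
	{"passwd file", "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"},
	{"one-line JSON", `{"user":"root:admin","uptime":"10:0:0:5"}`},
	{"two unrelated lines", "root:disabled\nlease 0:0:0:0\n"},
}

// Verdicts reports which of the three patterns match body.
func Verdicts(body string) (neg, grd, anc bool) {
	return negated.MatchString(body), greedy.MatchString(body), anchored.MatchString(body)
}

func main() {
	for _, s := range samples {
		n, g, a := Verdicts(s.body)
		fmt.Printf("%-20s negated=%-5t greedy=%-5t anchored=%t\n", s.name, n, g, a)
	}
}
```

In Go, `[^:]*` can span a newline while `.*` cannot, so each of the two reviewed patterns matches one non-passwd body that the other rejects; only the line-anchored variant rejects both.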

@pussycat0x added the "good first issue" (Good for newcomers) label Mar 28, 2026
@pussycat0x added the "Done" (Ready to merge) label Mar 28, 2026
@DhiyaneshGeek merged commit 28f8326 into projectdiscovery:main Mar 30, 2026
4 checks passed