Thursday, 28 January 2016

ZyXel WAP3205 v1 Multiple XSS

#Vendor: ZyXel WAP3205 - version 1 (Product is EOL and no patch forthcoming)
#Firmware version: V1.00(BFR.6) - V1.00(BFR.8)C0
#Exploit Author: Nicholas Lehman @GraphX
#Vulnerability: Multiple persistent and reflected XSS vulnerabilities

Description:
Multiple persistent and reflected XSS vulnerabilities have been discovered in the ZyXel
WAP3205 (version 1) wireless access point. These vulnerabilities could
allow an authenticated attacker to insert persistent malicious code on
several pages, using several different fields. The vendor has declared
the WAP End-Of-Life and will not issue a patch for these vulnerabilities.

Proof of Concept:
The first vulnerability discovered pertains to the inputs found on

http://<ROUTER_IP>/local/advance/main_maintenance_frame.html

The domain_name and system_name inputs are vulnerable to reflected
cross-site scripting; there does not appear to be any validation or
sanitization of those inputs. The admin_inactivity_timer input is vulnerable
to persistent XSS, with the following payload being used:

admin_inactivity_timer=0"><script>alert(document.cookie)</script><input

The Date and Time tab is also vulnerable to persistent cross-site
scripting. The following inputs allow malicious code to be stored and
executed:
NTPServerIP
servertype
timedatatype
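As an added example (not code from the advisory or from the ZyXel firmware), the following Node.js snippet models the attribute-breakout pattern behind the admin_inactivity_timer finding: a stored value written into an `<input value="...">` attribute without encoding, beside a renderer that attribute-encodes it and an input-side check that rejects anything but a numeric timer. The HTML template is constructed for illustration; the payload is the one quoted above.

```javascript
// Added example: models the unescaped-attribute pattern behind the
// admin_inactivity_timer finding, with a hardened renderer beside it.
// The page template is constructed for illustration, not the real firmware.

// Attribute-context encoding: every character that can terminate an
// HTML attribute or start markup is replaced with a character reference.
function escapeHtmlAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Vulnerable renderer: the stored setting is interpolated verbatim, so a
// value containing `">` closes the attribute and the tag.
function renderVulnerable(timerValue) {
  return `<input name="admin_inactivity_timer" value="${timerValue}">`;
}

// Hardened renderer: identical markup, but the value is attribute-encoded.
function renderHardened(timerValue) {
  return `<input name="admin_inactivity_timer" value="${escapeHtmlAttr(timerValue)}">`;
}

// Defensive check: count <script elements in the rendered page. A correct
// renderer for this field produces none regardless of the stored value.
function countScriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Input-side validation matching the field's meaning: the inactivity
// timer is a small non-negative integer, so anything else is rejected
// before it is stored (boundary validation complements output encoding).
function isValidTimerMinutes(raw) {
  return /^\d{1,4}$/.test(String(raw));
}

// Sample input constructed from the advisory's proof of concept.
const storedValue = '0"><script>alert(document.cookie)</script><input';

console.log("vulnerable:", renderVulnerable(storedValue));
console.log("hardened:  ", renderHardened(storedValue));
console.log("accepted by validator:", isValidTimerMinutes(storedValue));
```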

Solution:
ZyXel was informed of the vulnerabilities, but since the router is end of
life, a patch will not be released.
Upgrade to a supported WAP.
