| शीर्षक | Kaon CG3000 1.01.43 Cross Site Scripting |
|---|
| विवरण | There is a vulnerability in Kaon CG3000 router of Claro provider in Brazil.
The firmware tested was 1.01.43, CG3000 Rev V1.2.
The operating system of the router does not sanitize the data coming from DHCP protocol.
So, it is possible to exploit a authenticated stored XSS (Cross Site Scripting) in the first page of the system, using this protocol.
This page will be the first, right after authentication process, to be viewed by the router admin.
Therefore, this code will be automatically executed after logon.
Using the "dhcpcd" command, the vulnerability can be exploited.
dhcpcd -k wlan0
dhcpcd -n wlan0 -h "<script>alert('XSS')</script>"
|
|---|
| स्रोत | ⚠️ https://github.com/peritocibernetico/ClaroDHCPXSS/ |
|---|
| उपयोगकर्ता | peritocibernetico (UID 74140) |
|---|
| सबमिशन | 04/09/2024 12:31 AM (2 साल पहले) |
|---|
| संयम | 11/09/2024 01:37 PM (8 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 277166 [Kaon CG3000 1.01.43 dhcpcd Command -h क्रॉस साइट स्क्रिप्टिंग] |
|---|
| अंक | 20 |
|---|