| 제목 | XSS in Netgear-SRX5308 Router(14) |
|---|
| 설명 | # XSS in Netgear-SRX5308 Router
## Overview
* Type: XSS
* Supplier: Netgear (https://www.netgear.com/)
* URL: https://192.168.1.1
* Product: SRX5308 – ProSAFE Quad WAN Gigabit SSL VPN Firewall
* Affect version: (lastest) 4.3.5-3
* Firmware download: https://www.downloads.netgear.com/files/GDC/SRX5308/SRX5308_V4.3.5-3.zip
## Description
The XSS vulnerability is at the web management interface of the affected routers. The vulnerability results from improper validation of user-supplied input. An attacker could exploit the vulnerability by sending the crafted HTTP request to affected devices.
The injection happens at the "wanName" parameter which isn't sanitized.
## Business Impact
The vulnerability is very dangerous which could also result in reputational damage for the business through the impact on customers' trust.
## Steps to Reproduce
1. Configure the web IP address in POC: xss_post_poc.html(the Default IP address is: 192.168.1.1).
2. Log in web interface through the browser(default admin:password).
3. Open xss_post_poc-Before-Authen.html in the browser. You will see an alert window pop up.
## Proof of Concept
Advirsory URL. |
|---|
| 원천 | ⚠️ https://github.com/leetsun/IoT/tree/main/Netgear-SRX5308/14 |
|---|
| 사용자 | leetsun (UID 39457) |
|---|
| 제출 | 2023. 04. 13. PM 03:41 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 04. 28. PM 01:50 (15 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 227672 [Netgear SRX5308 까지 4.3.5-3 Web Management Interface wanName 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|