Search...

COMTREND CT-536 and HG-536 Routers Multiple Remote Vulnerabilities

2008-12-22T00:00:00

ID EDB-ID:32681
Type exploitdb
Reporter Daniel Fernandez Bleda
Modified 2008-12-22T00:00:00

Description

COMTREND CT-536 and HG-536 Routers Multiple Remote Vulnerabilities. Remote exploit for hardware platform

                                        
                                            source: http://www.securityfocus.com/bid/32975/info

COMTREND CT-536 and HG-536 are prone to multiple remote vulnerabilities:

- Multiple unauthorized-access vulnerabilities
- An information-disclosure vulnerability
- Multiple cross-site scripting vulnerabilities
- A denial-of-service vulnerability
- Multiple buffer-overflow vulnerabilities

Attackers can exploit these issues to compromise the affected device, obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and cause a denial-of-service condition. Other attacks are also possible.

The following firmware versions are vulnerable; additional versions may also be affected:
CT-536 A101-302JAZ-C01_R05
HG-536+ A101-302JAZ-C01_R05 and A101-302JAZ-C03_R14.A2pB021g.d15h

http://www.example.com/scvrtsrv.cmd?action=add&srvName=%3Cscript%3Ealert(%22XSS%22)%3C/script%3E&srvAddr=192.168.1.1&proto=1,&eStart=1,&eEnd=1,&iStart=1,&iEnd http://www,example.com/password.html

JSON Vulners Source

Initial Source

{"id": "EDB-ID:32681", "type": "exploitdb", "bulletinFamily": "exploit", "title": "COMTREND CT-536 and HG-536 Routers Multiple Remote Vulnerabilities", "description": "COMTREND CT-536 and HG-536 Routers Multiple Remote Vulnerabilities. Remote exploit for hardware platform", "published": "2008-12-22T00:00:00", "modified": "2008-12-22T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/32681/", "reporter": "Daniel Fernandez Bleda", "references": [], "cvelist": [], "lastseen": "2016-02-03T17:34:38", "viewCount": 6, "enchantments": {"score": {"value": 0.4, "vector": "NONE", "modified": "2016-02-03T17:34:38", "rev": 2}, "dependencies": {"references": [], "modified": "2016-02-03T17:34:38", "rev": 2}, "vulnersScore": 0.4}, "sourceHref": "https://www.exploit-db.com/download/32681/", "sourceData": "source: http://www.securityfocus.com/bid/32975/info\r\n\r\nCOMTREND CT-536 and HG-536 are prone to multiple remote vulnerabilities:\r\n\r\n- Multiple unauthorized-access vulnerabilities\r\n- An information-disclosure vulnerability\r\n- Multiple cross-site scripting vulnerabilities\r\n- A denial-of-service vulnerability\r\n- Multiple buffer-overflow vulnerabilities\r\n\r\nAttackers can exploit these issues to compromise the affected device, obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and cause a denial-of-service condition. Other attacks are also possible.\r\n\r\nThe following firmware versions are vulnerable; additional versions may also be affected:\r\nCT-536 A101-302JAZ-C01_R05\r\nHG-536+ A101-302JAZ-C01_R05 and A101-302JAZ-C03_R14.A2pB021g.d15h\r\n\r\nhttp://www.example.com/scvrtsrv.cmd?action=add&srvName=%3Cscript%3Ealert(%22XSS%22)%3C/script%3E&srvAddr=192.168.1.1&proto=1,&eStart=1,&eEnd=1,&iStart=1,&iEnd http://www,example.com/password.html", "osvdbidlist": ["55639", "55641", "55640", "55638", "55643", "55642"]}