| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2013-2507 | 14 Mar 2014 14:00 | – | cve |
| CVE-2013-2670 | 14 Mar 2014 14:00 | – | cve |
| CVE-2013-2671 | 14 Mar 2014 14:00 | – | cve |
| CVE-2013-2672 | 3 Feb 2020 16:39 | – | cve |
| CVE-2013-2673 | 3 Feb 2020 17:06 | – | cve |
| CVE-2013-2674 | 3 Feb 2020 17:36 | – | cve |
| CVE-2013-2675 | 5 Feb 2020 17:30 | – | cve |
| CVE-2013-2676 | 4 Feb 2020 14:05 | – | cve |
| CVE-2013-2507 | 14 Mar 2014 14:00 | – | cvelist |
| CVE-2013-2670 | 14 Mar 2014 14:00 | – | cvelist |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=========================================
Brother MFC-9970CDW Firmware 0D
Date: Jan. 13, 2013
URL: http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html
=========================================
Keywords
=========================================
XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit,
Zero Day, Brother MFC-9970 CDW
CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673,
CVE-2013-2674, CVE-2013-2675, CVE-2013-2676
=========================================
Summary
=========================================
A reflected XSS bug in the Brother MFC-9970CDW printer was discovered in
January 2013. This document introduces and discusses the vulnerability
and provides Proof-of-Concept (PoC) Zero Day (0D) examples for Firmware
L Version 1.10, released on July 9, 2012, and prior versions.
=========================================
Overview
=========================================
Brother Industries, Ltd. is a multinational electronics and electrical
equipment company headquartered in Nagoya, Japan. Its products include
printers, multifunction printers, sewing machines, large machine tools,
label printers, typewriters, fax machines, and other computer-related
electronics. Brother distributes its products both under its own name and
under OEM agreements with other companies.
The MFC-9970cdw Color Laser All-in-One combines print, copy, scan and fax
in one powerful device. It produces high-impact color output at impressive
print and copy speeds of up to 30ppm and offers flexible connectivity with
wireless, Ethernet and USB interfaces. It features a 5" Color Touch Screen
display for easy navigation and menu selection. This flagship model also
offers automatic duplex print/copy/scan/fax and optional high-yield toner
cartridges to help lower operating costs, making this all-in-one a
smart choice for a business or workgroup.
=========================================
The Bug
=========================================
Reflected Cross Site Scripting, CWE-79
=========================================
Vulnerable Parameters = id, val, kind, and arbitrary query-string parameter names
Signature = "><script>alert(1)</script>
=========================================
Version Identification
=========================================
Brother MFC-9970CDW - Version Identification - Firmware L Version 1.10
Brother MFC-9970CDW - Version Identification - Firmware G
=========================================
PoC
=========================================
PoC URL
http://my.vulnerable.printer/admin/admin_main.html?id=websettings"><script>alert(1)</script>
=========================================
CVE Information
=========================================
CVE-2013-2507 is specific to Firmware G.
XSS at:
admin/log_to_net.html id parameter
fax/copy_settings.html kind parameter
CVE-2013-2670 is for the issue that is present in both the Firmware G
report and Firmware L.
XSS at:
admin/admin_main.html name of an arbitrarily assigned URL parameter
CVE-2013-2671 is for the XSS issues that are only present in Firmware L.
CVEs for Firmware L:
Cleartext submission of password CVE-2013-2672
Password field with autocomplete enabled CVE-2013-2673
Cross-domain Referer leakage CVE-2013-2674
Frameable response (Clickjacking) CVE-2013-2675
Private IP addresses disclosed CVE-2013-2676
CVSS 2 Score = 4.5
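As an added defender-side example (not part of the advisory or the vendor's code), the following scans web-server or proxy access logs for requests to the endpoints and parameters named above that carry HTML or script markup, which is how a reflected-XSS attempt against this printer would show up in telemetry. It assumes Common Log Format lines; the sample lines and the unwatched path /general/status.html are constructed here.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoints and parameters from the report; None means any parameter
# name is reflected (admin_main.html, CVE-2013-2670).
WATCHED = {
    "/admin/admin_main.html": None,
    "/admin/log_to_net.html": {"id"},
    "/fax/copy_settings.html": {"kind"},
}
# Tokens that never belong in these parameters (matches the report's signature).
MARKUP = re.compile(r'[<>"]|javascript:', re.IGNORECASE)
# Common Log Format: client, ident, user, [timestamp], "METHOD URL ...".
LOG_LINE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+)')

def flag_request(url):
    """Return descriptions of markup-bearing parameters for a watched
    endpoint; an empty list means the request looks benign or is unwatched."""
    parts = urlsplit(url)
    if parts.path not in WATCHED:
        return []
    names = WATCHED[parts.path]
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding (%253C).
        name, value = unquote(name), unquote(value)
        if names is None and MARKUP.search(name):
            hits.append(f"param name {name!r}")
        if (names is None or name in names) and MARKUP.search(value):
            hits.append(f"{name}={value!r}")
    return hits

def scan_log(lines):
    """Yield (client, path, hits) for each log line that trips flag_request."""
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        hits = flag_request(m["url"])
        if hits:
            alerts.append((m["src"], urlsplit(m["url"]).path, hits))
    return alerts

# Constructed sample log lines (not from any real device).
LOGS = [
    '10.0.0.7 - - [03/May/2013:10:14:02 +0000] "GET /admin/admin_main.html?id=websettings HTTP/1.1" 200 4112',
    '10.0.0.7 - - [03/May/2013:10:14:31 +0000] "GET /admin/admin_main.html?id=websettings%22%3E%3Cscript%3E HTTP/1.1" 200 4140',
    '10.0.0.9 - - [03/May/2013:10:15:05 +0000] "GET /fax/copy_settings.html?kind=%253Cscript%253E HTTP/1.1" 200 2201',
    '10.0.0.9 - - [03/May/2013:10:15:40 +0000] "GET /general/status.html?id=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for src, path, hits in scan_log(LOGS):
        print(f"{src} -> {path}: {hits}")
```

Because the report says admin_main.html reflects the parameter name itself, the scanner checks names as well as values there; on the other two endpoints only the named parameter is inspected.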
Timeline
Attempted contact via e-mail in January 2013.
Called the toll-free support line in March 2013.
Callback from vendor in April 2013.
E-mail sent to vendor in April 2013.
VENDOR UNRESPONSIVE
Published May 3, 2013
Hoyt LLC Research Public Domain
Report
http://xss.cx/
=========================================
END
=========================================