Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormSqlhackerPACKETSTORM:121553
HistoryMay 08, 2013 - 12:00 a.m.

Brother MFC-9970CDW Firmware 0D Cross Site Scripting

2013-05-0800:00:00
sqlhacker
packetstormsecurity.com
52

0.04 Low

EPSS

Percentile

92.1%

JSON
`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256  
  
=========================================  
  
Brother MFC-9970CDW Firmware 0D  
  
Date: Jan. 13, 2013  
  
URL:  
http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html  
  
=========================================  
  
Keywords  
  
=========================================  
  
XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit,  
Zero Day, Brother MFC-9970 CDW  
  
CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673,  
CVE-2013-2674, CVE-2013-2675, CVE-2013-2676  
  
=========================================  
  
Summary  
  
=========================================  
  
A Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in  
January 2013. This document will introduce and discuss the vulnerability  
and provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware  
L Version 1.10 Released on July 9, 2012, and prior versions.  
  
=========================================  
  
Overview  
  
=========================================  
  
Brother Industries, Ltd. is a multinational electronics and electrical  
equipment company headquartered in Nagoya, Japan. Its products include  
printers, multifunction printers, sewing machines, large machine tools,  
label printers, typewriters, fax machines, and other computer-related  
electronics. Brother distributes its products both under its own name and  
under OEM agreements with other companies.  
  
  
  
The MFC-9970cdw Color Laser All-in-One combines print, copy, scan and fax  
in one powerful device. It produces high-impact color output at impressive  
print and copy speeds of up to 30ppm and offers flexible connectivity with  
wireless, Ethernet and USB interfaces. It features a 5" Color Touch Screen  
display for easy navigation and menu selection. Also, this flagship model  
offers automatic duplex print/copy/scan/fax and optional high yield toner  
cartridges to help lower your operating costs Ā– making this all-in-one a  
smart choice for a business or workgroup.  
  
=========================================  
  
The Bug  
  
=========================================  
  
Reflected Cross Site Scripting, CWE-79  
  
=========================================  
  
Vulnerable Parameters = id , val, kind + Query String  
  
Signature = "><script>alert(1)</script>  
  
=========================================  
  
Version Identification  
  
=========================================  
  
Brother MFC-9970CDW - Version Identification - Firmware Ā“LĀ” Version  
1.10  
  
Brother MFC-9970CDW - Version Identification - Firmware Ā“GĀ”  
  
=========================================  
  
PoC  
  
=========================================  
  
PoC URL  
  
http://my.vulnerable.printer/admin/admin_main.html?id=websettings"><script>  
alert(1)</script>  
  
=========================================  
  
CVE Information  
  
=========================================  
  
CVE-2013-2507 is specific to Firmware G.  
  
XSS at:  
  
admin/log_to_net.html id parameter  
  
fax/copy_settings.html kind parameter  
  
CVE-2013-2670 is for the issue that is present in both the Firmware G  
report and Firmware L.  
  
XSS at:  
  
admin/admin_main.html name of an arbitrarily assigned URL parameter  
  
CVE-2013-2671 is for the XSS issues that are only present in Firmware L.  
  
CVEs for Firmware L:  
  
Cleartext submission of password CVE-2013-2672  
  
Password field with autocomplete enabled CVE-2013-2673  
  
Cross-domain Referer leakage CVE-2013-2674  
  
Frameable response (Clickjacking) CVE-2013-2675  
  
Private IP addresses disclosed CVE-2013-2676  
  
CVSS 2 Score = 4.5  
  
Timeline  
  
Attempt contact via e-mail in January 2013.  
  
Call the Toll Free Support Line in March 2013.  
  
Callback from Vendor in April 2013.  
  
E-mail sent to Vendor in April 2013.  
  
VENDOR UNRESPONSIVE  
  
Published May 3, 2013  
  
Hoyt LLC Research Public Domain  
Report  
  
http://xss.cx/  
  
=========================================  
  
END  
  
=========================================  
  
  
  
-----BEGIN PGP SIGNATURE-----  
Version: 10.2.0.2526  
  
wsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx  
1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv  
AIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb  
4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8  
nSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG  
VQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg==  
=Ua1o  
-----END PGP SIGNATURE-----  
`

Related

cve 8
prion 8
cvelist 8
nvd 8
cve
cve
CVE-2013-2671
2014-03-14 14:55:04
CVE-2013-2507
2014-03-14 14:55:04
CVE-2013-2670
2014-03-14 14:55:04
prion
prion
Cross site scripting
2014-03-14 14:55:00
Cross site scripting
2014-03-14 14:55:00
Cross site scripting
2014-03-14 14:55:00
cvelist
cvelist
CVE-2013-2671
2014-03-14 14:00:00
CVE-2013-2670
2014-03-14 14:00:00
CVE-2013-2507
2014-03-14 14:00:00
nvd
nvd
CVE-2013-2670
2014-03-14 14:55:04
CVE-2013-2671
2014-03-14 14:55:04
CVE-2013-2507
2014-03-14 14:55:04

0.04 Low

EPSS

Percentile

92.1%

JSON
Related for PACKETSTORM:121553
cve8prion8cvelist8nvd8