packetstorm | Liad Mizrachi | PACKETSTORM:123943
History: Nov 07, 2013 - 12:00 a.m.

FOSCAM Wireless IP Camera Cross Site Scripting

2013-11-07 00:00:00
Liad Mizrachi
packetstormsecurity.com

EPSS: 0.003 (Low)
Percentile: 71.1%

`Advisory: FOSCAM Wireless IP Camera - SSID XSS  
Author: Liad Mizrachi  
Vendor URL: http://www.foscam.com/  
Vulnerability Status: No Fix  
CVE-ID: CVE-2013-5215  
  
==========================  
Vulnerability Description  
==========================  
FOSCAM's Web UI "WiFi scan" option is vulnerable to XSS using a custom AP SSID.  
  
  
==========================  
PoC  
==========================  
  
Set up a wireless access point and set its SSID to the JavaScript code.  
- SSID must start with ' (Apostrophe).  
- SSID must end with // (comment).  
  
  
==========================  
Disclosure Timeline  
==========================  
  
20-Aug-2013 - Vendor informed by mail  
21-Aug-2013 - Reply from FosCam Support, moved to R&D team.  
08-Sep-2013 - Requested an update on the issue from the vendor.  
08-Sep-2013 - Reply from vendor: no fix will be issued.  
  
  
==========================  
References  
==========================  
http://www.foscam.com/  
https://vimeo.com/72786679 [PoC Demo]  
`
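The two PoC constraints (leading apostrophe, trailing `//`) suggest that the scan page writes each SSID into a single-quoted JavaScript string literal. The following is an added example, not part of the advisory and not Foscam code: it assumes that rendering pattern and contrasts it with escaping for the JavaScript string context. The names `scannedSsid`, `probe`, `renderUnsafe`, `renderSafe` and `loadInPage` are hypothetical, and the sample SSID is constructed.

```javascript
// Assumed vulnerable pattern: the scanned SSID is pasted between single
// quotes with no escaping, so an apostrophe in the SSID closes the string.
function renderUnsafe(ssid) {
  return "var scannedSsid='" + ssid + "';";
}

// Escape for a JavaScript string literal: keep a small allowlist and emit
// every other UTF-16 code unit as \uXXXX. This neutralises quotes,
// backslashes, slashes, line terminators and '<' (so "</script>" cannot
// close an inline script block either).
function jsStringEscape(value) {
  let out = "";
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    out += /[A-Za-z0-9 ._-]/.test(ch)
      ? ch
      : "\\u" + value.charCodeAt(i).toString(16).padStart(4, "0");
  }
  return out;
}

function renderSafe(ssid) {
  return "var scannedSsid='" + jsStringEscape(ssid) + "';";
}

// Test harness standing in for the browser: evaluates the generated
// statement and reports whether anything other than the assignment ran.
// `probe` is a harmless callback that only sets a flag.
function loadInPage(statement) {
  let injectedRan = false;
  const page = new Function("probe", statement + "\nreturn scannedSsid;");
  const value = page(() => { injectedRan = true; });
  return { value, injectedRan };
}

// Constructed SSID with the shape described in the PoC section:
// starts with an apostrophe, ends with a comment marker.
const SAMPLE_SSID = "';probe()//";

console.log(renderUnsafe(SAMPLE_SSID), loadInPage(renderUnsafe(SAMPLE_SSID)));
console.log(renderSafe(SAMPLE_SSID), loadInPage(renderSafe(SAMPLE_SSID)));
```

With the escaped form the page sees the SSID as data and can display it verbatim; the same check works as a regression test for any UI that lists nearby networks.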
