ZyXEL SBG-3300 Security Gateway Cross Site Scripting

🗓️ 03 Oct 2014 00:00:00Reported by Mirko CasadeiType

packetstorm🔗 packetstormsecurity.com👁 26 Views

Stored Server XSS in ZyXEL SBG-3300 Security Gateway, ZyXEL SBG3300-N series, Unpatche

Reporter	Title	Published	Views	Family All 9
0day.today	ZyXEL SBG-3300 Security Gateway Cross Site Scripting Vulnerability	5 Oct 201400:00	–	zdt
CVE	CVE-2014-7277	4 Oct 201410:00	–	cve
Cvelist	CVE-2014-7277	4 Oct 201410:00	–	cvelist
EUVD	EUVD-2014-7148	7 Oct 202500:30	–	euvd
NVD	CVE-2014-7277	4 Oct 201410:55	–	nvd
Prion	Cross site scripting	4 Oct 201410:55	–	prion
Prion	Design/Logic Flaw	4 Oct 201410:55	–	prion
securityvulns	CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway	5 Oct 201400:00	–	securityvulns
securityvulns	ZyXEL SBG-3300 security vulnerabilities	5 Oct 201400:00	–	securityvulns

`########################################  
#Vulnerability Title: Stored Server XSS in ZyXEL SBG-3300 Security Gateway  
#Date: 02/10/2014  
#CVE-ID: CVE-2014-7277   
#Product: ZyXEL SBG3300-N series  
#Vendor: www.zyxel.com  
#Affected Firmware: Latest version at the time of disclosure V1.00(AADY.4)C0 and below (tested)  
#Patch: Unpatched  
#Authored by: Mirko Casadei  
########################################  
  
#Disclosure Timeline:  
13/08/2014 Vendor Contact with Acknowledgment   
13/09/2014 No response from Vendor after first contact  
02/10/2014 Full Disclosure   
  
#Technical details:  
The web interface of the Security Gateway is affected by a Stored Server XSS vulnerability in the main login page.   
Abusing the login 'welcome message' form, an attacker can inject the XSS in HTML code.  
Example of a working code:  
...  
<span class="title_index">Welcome</span><br>  
<li id="loginMessage"><img src=x onerror=alert('XSS') /></li>  
...  
  
#Remediation  
The vulnerable form should sanitize input.  
########################################  
  
`

03 Oct 2014 00:00Current

EPSS0.0034