FVS318.txt

2005-01-18T00:00:00
ID PACKETSTORM:35779
Type packetstorm
Reporter Paul Kurczaba
Modified 2005-01-18T00:00:00

Description

                                        
Multiple Vulnerabilities in Netgear FVS318 Router  
  
http://www.securinews.com/vuln.htm?vulnid=103  
-------------------------------------------------  
  
Overview:  
The Netgear FVS318 is an easy-to-use firewall/router designed for home users and small businesses. SecuriNews Research has found 2 vulnerabilities in the router.  
  
  
Vendor:  
Netgear (http://www.netgear.com)  
  
  
Affected Systems/Configuration:  
2.4, possibly others  
  
  
Vulnerabilities/Exploits:  
  
1) By using hex-encoded characters, it is possible to bypass the URL filter. For example, if the router administrator blocks the phrase ".exe", a user can encode one or more characters of that phrase in the URL to bypass the filter. If we encode the 'x' in ".exe", the new phrase ".e%78e" will bypass the filter.  
  
2) The content filter/log viewer contains a cross-site scripting (XSS) vulnerability. When a user tries to access a URL containing a blocked phrase, the URL is logged in the Security Log. If a user were to inject JavaScript into such a URL, the JavaScript would be executed by the admin's browser when the security log is viewed.  
  
  
Proof of Concept:  
  
1) Example above.  
  
2) If the router administrator has blocked the URL phrase ".exe", a user can inject JavaScript as follows:  
  
http://www.example.com/somefile.exe</textarea><script>alert('XSS')</script>  
  
Note: The string "</textarea>" must be added before the injected JavaScript, as the security log is placed in a text area.  
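
Added example, not from the original advisory or from Netgear's firmware: Python showing the raw-string match described in item 1 beside a filter that percent-decodes the URL before matching, and a log renderer that HTML-escapes each entry before placing it in the text area described in item 2. The function names, the decode-round limit and the fail-closed behaviour are assumptions made for illustration.

```python
import html
from urllib.parse import unquote

# Constructed sample blocklist, using the phrase from the advisory.
BLOCKED_PHRASES = [".exe"]


def naive_is_blocked(url):
    """Behaviour described in item 1: match the raw, still-encoded URL."""
    return any(p in url.lower() for p in BLOCKED_PHRASES)


def normalize(url, max_rounds=5):
    """Percent-decode until the string stops changing.

    Returns the lower-cased decoded URL, or None if it is still changing
    after max_rounds (assumed limit), so the caller can fail closed.
    """
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            return url.lower()
        url = decoded
    return None


def is_blocked(url):
    """Hardened check: match blocked phrases against the decoded URL."""
    normalized = normalize(url)
    if normalized is None:
        return True  # excessive nesting of encodings: treat as blocked
    return any(p in normalized for p in BLOCKED_PHRASES)


def render_log(entries):
    """Escape each logged URL so it cannot close the textarea or add markup."""
    body = "\n".join(html.escape(e, quote=True) for e in entries)
    return "<textarea readonly>" + body + "</textarea>"


if __name__ == "__main__":
    encoded = "http://www.example.com/somefile.e%78e"
    print(naive_is_blocked(encoded), is_blocked(encoded))
    print(render_log(["http://www.example.com/somefile.exe"
                      "</textarea><script>alert('XSS')</script>"]))
```
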
  
  
Workaround:  
None.  
  
  
Date Discovered:  
January 14, 2005  
  
  
Severity:  
Low-Medium  
  
  
Credit:  
SecuriNews Research  
http://www.securinews.com/  
  