[DCA-00017] LinkSys BEFSR41 Multiple Stored Xss

2011-01-07T00:00:00
ID SECURITYVULNS:DOC:25463
Type securityvulns
Reporter Securityvulns
Modified 2011-01-07T00:00:00

Description

[DCA-00017] LinkSys BEFSR41 Multiple Stored Xss

[Software/Hardware] - LinkSys DSL Router BEFSR41 V2

[Vendor Product Description] - This Router will allow your computers to share a high-speed Internet connection as well as resources, including files and printers.

[Bug Description] - Linksys does not validate the input size leading to stored Xss bug. - Host name,User Name(PPPoE and PPTP),Customized Applications and other fields are vulnerable.

[History] - Advisory sent to vendor on 01/03/2011. - Vendor reply 01/03/2011 - Published 01/04/2011

[Impact] - Low

[Affected Version] - LinkSys DSL Router BEFSR41 V2 - Firmware: 1.30 1.33.1 1.34 1.35 1.36 1.36T4(beta) 1.37 1.37.1(j) 1.38.5 1.39 1.40.1 1.40.2 1.42.3 1.42.6 1.42.7 1.43 1.43.3 1.44 1.44.2 1.46.2

[Vendor Reply] - According to the vendor, this hardware is deprecated

[Codes] Example in Customized Applications fields: '><h1>B</h1>


[Credits] DcLabs Security Group Sponsor: Crash crash@dclabs.com.br

-- Ewerson Guimaraes (Crash) Pentester/Researcher DcLabs Security Team www.dclabs.com.br