Linksys BEFSR41 Cross Site Scripting

2011-01-06 / 2011-01-07
Credit: DcLabs Security Team
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

[DCA-00017] LinkSys BEFSR41 Multiple Stored Xss [Software/Hardware] - LinkSys DSL Router BEFSR41 V2 [Vendor Product Description] - This Router will allow your computers to share a high-speed Internet connection as well as resources, including files and printers. [Bug Description] - Linksys does not validate the input size leading to stored Xss bug. - Host name,User Name(PPPoE and PPTP),Customized Applications and other fields are vulnerable. [History] - Advisory sent to vendor on 01/03/2011. - Vendor reply 01/03/2011 - Published 01/04/2011 [Impact] - Low [Affected Version] - LinkSys DSL Router BEFSR41 V2 - Firmware: 1.30 1.33.1 1.34 1.35 1.36 1.36T4(beta) 1.37 1.37.1(j) 1.38.5 1.39 1.40.1 1.40.2 1.42.3 1.42.6 1.42.7 1.43 1.43.3 1.44 1.44.2 1.46.2 [Vendor Reply] - According to the vendor, this hardware is deprecated [Codes] Example in Customized Applications fields: '><h1>B</h1> ---------------------------------------------------------------------------------------- [Credits] DcLabs Security Group Sponsor: Crash crash@dclabs.com.br -- Ewerson Guimaraes (Crash) Pentester/Researcher DcLabs Security Team www.dclabs.com.br


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top