ID
VAR-E-201405-0272
EDB ID
33138
TITLE
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting. CVE-106530 . webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | netgear | model: | dgn2200 1.0.0.29 1.7.29 hots | scope: | - | version: | - | Trust: 1.6 |
EXPLOIT
# Exploit Title: Stored XSS Vulnerability in NETGEAR DGN2200 Web interface
# Date 30/04/2014
# Exploit author: Dolev Farhi @f1nhack
# Vendor homepage: http://netgear.com
# Affected Firmware version: 1.0.0.29_1.7.29_HotS
# Affected Hardware: NETGEAR DGN2200 Wireless ADSL Router
Summary
=======
NETGEAR DGN2200 ADSL router web interface suffers from persistent XSS vulnerability in the QoS(Quality of Service) Administration page under 'Expert Mode'.
Vulnerability Description
=========================
Persistent Cross Site Scripting
Steps to reproduce / PoC:
=========================
1. Login to the router web interface
2. Enter expert mode
3. navigate to QoS page
4. Add QoS Rule, or Edit an existing one.
5. in "QoS Policy for: " Enter the following: <script>alert("XSS")</script> and click apply.
6. go to another page and navigate back into QoS - the XSS error pops up.
- PoC Video: https://www.youtube.com/watch?v=xxjluF2RR70
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Persistent Cross-Site Scripting
Trust: 1.0
CREDITS
Dolev Farhi
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 33138 | Trust: 1.6 |
| db: | EDBNET | id: | 54625 | Trust: 0.6 |
REFERENCES
| url: | https://www.exploit-db.com/exploits/33138/ | Trust: 0.6 |
SOURCES
| db: | EXPLOIT-DB | id: | 33138 |
| db: | EDBNET | id: | 54625 |
LAST UPDATE DATE
2022-07-27T09:18:48.100000+00:00
SOURCES RELEASE DATE
| db: | EXPLOIT-DB | id: | 33138 | date: | 2014-05-01T00:00:00 |
| db: | EDBNET | id: | 54625 | date: | 2014-05-01T00:00:00 |