ID
VAR-E-201405-0431
TITLE
Netgear DGN2200 Cross Site Scripting
Trust: 0.5
DESCRIPTION
Netgear DGN2200 suffers from a stored cross site scripting vulnerability.
Trust: 0.5
AFFECTED PRODUCTS
| vendor: | netgear | model: | dgn2200 | scope: | - | version: | - | Trust: 0.5 |
EXPLOIT
# Exploit Title: Stored XSS Vulnerability in NETGEAR DGN2200 Web interface
# Date 30/04/2014
# Exploit author: Dolev Farhi @f1nhack
# Vendor homepage: http://netgear.com
# Affected Firmware version: 1.0.0.29_1.7.29_HotS
# Affected Hardware: NETGEAR DGN2200 Wireless ADSL Router
Summary
=======
NETGEAR DGN2200 ADSL router web interface suffers from persistent XSS vulnerability in the QoS(Quality of Service) Administration page under 'Expert Mode'.
Vulnerability Description
=========================
Persistent Cross Site Scripting
Steps to reproduce / PoC:
=========================
1. Login to the router web interface
2. Enter expert mode
3. navigate to QoS page
4. Add QoS Rule, or Edit an existing one.
5. in "QoS Policy for: " Enter the following: <script>alert("XSS")</script> and click apply.
6. go to another page and navigate back into QoS - the XSS error pops up.
- PoC Video: https://www.youtube.com/watch?v=xxjluF2RR70
Trust: 0.5
EXPLOIT HASH
LOCAL | SOURCE | ||||||||
|
|
Trust: 0.5
PRICE
free
Trust: 0.5
TYPE
xss
Trust: 0.5
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | xss | Trust: 0.5 |
CREDITS
Dolev Farhi
Trust: 0.5
EXTERNAL IDS
| db: | PACKETSTORM | id: | 126435 | Trust: 0.5 |
SOURCES
| db: | PACKETSTORM | id: | 126435 |
LAST UPDATE DATE
2022-07-27T09:30:06.311000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 126435 | date: | 2014-05-02T06:28:50 |