ID
VAR-E-201703-0300
CVE
| cve_id: | CVE-2017-5900 | Trust: 0.8 |
TITLE
NetComm NB16WV-02 Cross Site Scripting
Trust: 0.5
DESCRIPTION
NetComm NB16WV-02 suffers from a persistent cross site scripting vulnerability.
Trust: 0.5
AFFECTED PRODUCTS
| vendor: | netcomm | model: | nb16wv-02 | scope: | - | version: | - | Trust: 0.5 |
| vendor: | netcomm | model: | nb16wv-02 nb16wv r0.09 | scope: | - | version: | - | Trust: 0.3 |
EXPLOIT
Hi,
Mitre has provided the following with the CVE number: CVE-2017-5900
there is a Stored XSS vulnerability in a NetComm router's model NB16WV-02
running version NB16WV_R0.09, If authorized user is able to inject the
following string
POC:
Authenticated user is required:
http://<router_IP>/hdd.htm?rc=&S801F0334=/dkmvc%3C/script
%3E%3Cscript%3Ealert%28String.fromCharCode%28101,90,101,90%29
%29%3C/script%3Ed29f
Stored XSS will be injected and execute on the page reload.
This vulnearbilty can be used to steal session, cookies and many more.
NetComm will be releasing a patch in the coming weeks to address
this issue.
Trust: 0.5
EXPLOIT HASH
LOCAL | SOURCE | ||||||||
|
|
Trust: 0.5
PRICE
free
Trust: 0.5
TYPE
xss
Trust: 0.5
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | xss | Trust: 0.5 |
CREDITS
Luke Symons
Trust: 0.5
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-5900 | Trust: 0.8 |
| db: | PACKETSTORM | id: | 141998 | Trust: 0.5 |
| db: | BID | id: | 97161 | Trust: 0.3 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-5900 | Trust: 0.5 |
| url: | http://www.netcommwireless.com/ | Trust: 0.3 |
| url: | http://seclists.org/fulldisclosure/2017/mar/75 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 97161 |
| db: | PACKETSTORM | id: | 141998 |
LAST UPDATE DATE
2022-07-27T09:21:30.099000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 97161 | date: | 2017-03-29T00:02:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 97161 | date: | 2017-03-27T00:00:00 |
| db: | PACKETSTORM | id: | 141998 | date: | 2017-03-27T16:22:22 |