ID
VAR-E-202010-0069
EDB ID
48948
TITLE
Genexis Platinum-4410 - 'SSID' Persistent XSS - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
Genexis Platinum-4410 - 'SSID' Persistent XSS.. webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | genexis | model: | platinum-4410 | scope: | - | version: | - | Trust: 1.6 |
EXPLOIT
# Exploit Title: Persistent XSS in SSID
# Date: 10/24/2020
# Exploit Author: Amal Mohandas
# Vendor Homepage: https://genexis.co.in/product/ont/
# Version: Platinum-4410 Software version - P4410-V2-1.28
# Tested on: Windows 10
Vulnerability Details
======================
Genexis Platinum-4410 Home Gateway Router is vulnerable to stored XSS
in the SSID parameter. This could allow attackers to perform malicious
action in which the XSS popup will affect all privileged users.
How to reproduce
===================
1. Login to the firmware as any user
2. Navigate to Net tab--> WLAN
3. Enter below mentioned payload in "SSID" text box
<script>alert(1)</script>
4. Click on the "OK" button.
5. Relogin as any user and again navigate to Net tab--> WLAN
6. Observe the XSS popup showing persistent XSS
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
'SSID' Persistent XSS
Trust: 1.6
CREDITS
Amal Mohandas
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 48948 | Trust: 1.6 |
| db: | EDBNET | id: | 103454 | Trust: 0.6 |
REFERENCES
| url: | https://www.exploit-db.com/exploits/48948/ | Trust: 0.6 |
SOURCES
| db: | EXPLOIT-DB | id: | 48948 |
| db: | EDBNET | id: | 103454 |
LAST UPDATE DATE
2022-07-27T09:56:01.835000+00:00
SOURCES RELEASE DATE
| db: | EXPLOIT-DB | id: | 48948 | date: | 2020-10-26T00:00:00 |
| db: | EDBNET | id: | 103454 | date: | 2020-10-26T00:00:00 |