ID
VAR-200809-0483
TITLE
Multiple SAGEM F@st Routers DHCP Hostname HTML Injection Vulnerability
Trust: 0.3
DESCRIPTION
Multiple SAGEM F@st routers are prone to an HTML-injection vulnerability because they fail to sufficiently sanitize user-supplied input data. Attacker-supplied HTML and script code would run in the context of the web interface of the affected device, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. The issue affects SAGEM F@st routers 1200, 1240, 1400, 1400W, 1500, 1500-WG, and 2404.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | sagem | model: | f@st | scope: | eq | version: | 24040 | Trust: 0.3 |
| vendor: | sagem | model: | f@st 1500-wg | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | sagem | model: | f@st | scope: | eq | version: | 15000 | Trust: 0.3 |
| vendor: | sagem | model: | f@st 1400w | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | sagem | model: | f@st | scope: | eq | version: | 14000 | Trust: 0.3 |
| vendor: | sagem | model: | f@st | scope: | eq | version: | 12400 | Trust: 0.3 |
| vendor: | sagem | model: | f@st | scope: | eq | version: | 12000 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 31331 | Trust: 0.3 |
REFERENCES
| url: | http://www.sagem.com/ | Trust: 0.3 |
CREDITS
Underz0ne Crew
Trust: 0.3
SOURCES
| db: | BID | id: | 31331 |
LAST UPDATE DATE
2022-05-17T02:06:11.695000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 31331 | date: | 2008-09-24T18:09:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 31331 | date: | 2008-09-22T00:00:00 |