Sign-up

ID

VAR-200909-0001


CVE

CVE-2007-6729


TITLE

ZyXEL P-330W Router Web Management interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-005294

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors. ZyXEL P-330W 802.11g Secure Wireless Internet Sharing Router is prone to multiple cross-site scripting vulnerabilities and cross-site request-forgery vulnerabilities because it fails to properly sanitize user-supplied input. These issues affect the device's web-based administrative interface. An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The attacker may leverage the cross-site request-forgery issues to perform actions in the context of a device administrator, which can compromise the device. ZyXEL P-330W is a wireless broadband router. There is an input validation vulnerability when ZyXEL P-330W processes user requests, remote attackers may exploit this vulnerability to attack user systems. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: ZyXEL P-330W Cross-Site Scripting and Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA28172 VERIFY ADVISORY: http://secunia.com/advisories/28172/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote OPERATING SYSTEM: ZyXEL P-330W http://secunia.com/product/17060/ DESCRIPTION: Some vulnerabilities have been reported in ZyXEL P-330W, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. 1) Input passed to the parameter "pingstr" in ping.asp is not properly sanitised before being returned to a user. 2) Various vulnerabilities are caused due to the device allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change the administrator's password. Note: Reportedly, the router runs a vulnerable version of GoAhead WebServer, which potentially can be exploited by malicious people to compromise the device. SOLUTION: Do not browse other websites while being logged into the device. PROVIDED AND/OR DISCOVERED BY: Santa Clause ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059295.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059316.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-6729 // JVNDB: JVNDB-2009-005294 // BID: 27024 // VULHUB: VHN-30091 // PACKETSTORM: 62241

AFFECTED PRODUCTS

vendor:zyxelmodel:p-330w routerscope:eqversion:*

Trust: 1.0

vendor:zyxelmodel:p-330wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:p-330w routerscope: - version: -

Trust: 0.6

vendor:zyxelmodel:p-330wscope:eqversion:0

Trust: 0.3

sources: BID: 27024 // JVNDB: JVNDB-2009-005294 // NVD: CVE-2007-6729 // CNNVD: CNNVD-200909-164

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2007-6729
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-200909-164
value: MEDIUM

Trust: 0.6

VULHUB: VHN-30091
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2007-6729
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-30091
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-30091 // JVNDB: JVNDB-2009-005294 // NVD: CVE-2007-6729 // CNNVD: CNNVD-200909-164

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-30091 // JVNDB: JVNDB-2009-005294 // NVD: CVE-2007-6729

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200909-164

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 62241 // CNNVD: CNNVD-200909-164

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2007-6729

PATCH
title:Top Pageurl:http://www.zyxel.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-005294

EXTERNAL IDS
db:NVDid:CVE-2007-6729
Trust: 2.8
db:BIDid:27024
Trust: 2.0
db:SECUNIAid:28172
Trust: 1.8
db:JVNDBid:JVNDB-2009-005294
Trust: 0.8
db:CNNVDid:CNNVD-200909-164
Trust: 0.7
db:FULLDISCid:20071225 HO HO H0-DAY - ZYXEL P-330W MULTIPLE XSS AND XSRF VULNERABILITIES
Trust: 0.6
db:VULHUBid:VHN-30091
Trust: 0.1
db:PACKETSTORMid:62241
Trust: 0.1
sources:
            
            
            VULHUB: VHN-30091 // 
            
            
            
            BID: 27024 // 
            
            
            
            JVNDB: JVNDB-2009-005294 // 
            
            
            
            PACKETSTORM: 62241 // 
            
            
            
            NVD: CVE-2007-6729 // 
            
            
            
            CNNVD: CNNVD-200909-164

REFERENCES
url:http://www.securityfocus.com/bid/27024
Trust: 1.7
url:http://seclists.org/fulldisclosure/2007/dec/0559.html
Trust: 1.7
url:http://secunia.com/advisories/28172
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6729
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6729
Trust: 0.8
url:http://www.us.zyxel.com/products/model.php?indexcate=1124750607&indexcate1=1121212137&indexflagvalue=1021876859
Trust: 0.3
url:http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0560.html
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/17060/
Trust: 0.1
url:https://psi.secunia.com/?page=changelog
Trust: 0.1
url:https://psi.secunia.com/
Trust: 0.1
url:http://lists.grok.org.uk/pipermail/full-disclosure/2007-december/059316.html
Trust: 0.1
url:http://secunia.com/advisories/28172/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://lists.grok.org.uk/pipermail/full-disclosure/2007-december/059295.html
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-30091 // 
            
            
            
            BID: 27024 // 
            
            
            
            JVNDB: JVNDB-2009-005294 // 
            
            
            
            PACKETSTORM: 62241 // 
            
            
            
            NVD: CVE-2007-6729 // 
            
            
            
            CNNVD: CNNVD-200909-164

CREDITS
Santa Clause  santa_clause@hush.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200909-164

SOURCES
db:VULHUBid:VHN-30091
db:BIDid:27024
db:JVNDBid:JVNDB-2009-005294
db:PACKETSTORMid:62241
db:NVDid:CVE-2007-6729
db:CNNVDid:CNNVD-200909-164

LAST UPDATE DATE
2023-12-18T13:35:05.278000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-30091date:2009-09-15T00:00:00
db:BIDid:27024date:2016-07-05T22:00:00
db:JVNDBid:JVNDB-2009-005294date:2012-12-20T00:00:00
db:NVDid:CVE-2007-6729date:2009-09-15T05:10:19.953
db:CNNVDid:CNNVD-200909-164date:2009-09-15T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-30091date:2009-09-10T00:00:00
db:BIDid:27024date:2007-12-25T00:00:00
db:JVNDBid:JVNDB-2009-005294date:2012-12-20T00:00:00
db:PACKETSTORMid:62241date:2008-01-03T18:16:15
db:NVDid:CVE-2007-6729date:2009-09-10T10:30:00.203
db:CNNVDid:CNNVD-200909-164date:2007-12-25T00:00:00