ID
VAR-201011-0298
TITLE
ZyXEL P-660R-T1 V2 'HomeCurrent_Date' parameter cross-site scripting vulnerability
Trust: 0.9
DESCRIPTION
The ZyXEL P-660R-T1 is a wireless router device. The ZyXEL P-660R-T1 WEB interface script incorrectly filters the data submitted by the user to the 'HomeCurrent_Date' parameter. An attacker can use the vulnerability to submit a POST request for a cross-site scripting attack to obtain sensitive information or unauthorized access to the device. ZyXEL P-660R-T1 V2 is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks
Trust: 0.81
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | zyxel | model: | p-660r-t1 | scope: | eq | version: | v2 | Trust: 0.6 |
| vendor: | zyxel | model: | p-660r-t1 | scope: | eq | version: | v20 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 45027 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2010-2934 | Trust: 0.6 |
REFERENCES
| url: | http://www.securityfocus.com/archive/1/514874 | Trust: 0.6 |
| url: | http://www.zyxel.com/web/product_category.php?pc1indexflag=20040812093058 | Trust: 0.3 |
| url: | /archive/1/514874 | Trust: 0.3 |
CREDITS
Usman Saeed
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2010-2934 |
| db: | BID | id: | 45027 |
LAST UPDATE DATE
2022-05-17T01:37:54.139000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2010-2934 | date: | 2010-11-24T00:00:00 |
| db: | BID | id: | 45027 | date: | 2010-11-23T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2010-2934 | date: | 2010-11-24T00:00:00 |
| db: | BID | id: | 45027 | date: | 2010-11-23T00:00:00 |