Sign-up

ID

VAR-201101-0409


TITLE

Linksys BEFSR41 Storage Cross-Site Scripting Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2011-0011

DESCRIPTION

Linksys BEFSR41 is a Linksys high-speed Cable/DSL switching router. Linksys does not verify the input size and can cause stored cross-site scripting errors. Hostname, username (PPPoE and PPTP), customizable applications and other fields are affected by this vulnerability. Linksys BEFSR41 is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to execute HTML and script code in the context of the device, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible

Trust: 1.35

sources: CNVD: CNVD-2011-0011 // CNVD: CNVD-2011-0012 // BID: 45658

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2011-0011 // CNVD: CNVD-2011-0012

AFFECTED PRODUCTS

vendor:linksysmodel:bef sr41scope: - version: -

Trust: 1.2

vendor:linksysmodel:befsr41scope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2011-0011 // CNVD: CNVD-2011-0012 // BID: 45658

THREAT TYPE

network

Trust: 0.3

sources: BID: 45658

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 45658

EXTERNAL IDS

db:BIDid:45658

Trust: 1.5

db:CNVDid:CNVD-2011-0011

Trust: 0.6

db:CNVDid:CNVD-2011-0012

Trust: 0.6

sources: CNVD: CNVD-2011-0011 // CNVD: CNVD-2011-0012 // BID: 45658

REFERENCES

url:http://www.securityfocus.com/archive/1/515532

Trust: 1.2

url:http://www.linksys.com

Trust: 0.3

url:/archive/1/515532

Trust: 0.3

sources: CNVD: CNVD-2011-0011 // CNVD: CNVD-2011-0012 // BID: 45658

CREDITS

DcLabs Security Group

Trust: 0.3

sources: BID: 45658

SOURCES

db:CNVDid:CNVD-2011-0011
db:CNVDid:CNVD-2011-0012
db:BIDid:45658

LAST UPDATE DATE

2022-05-17T02:10:00.068000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-0011date:2011-01-05T00:00:00
db:CNVDid:CNVD-2011-0012date:2011-01-05T00:00:00
db:BIDid:45658date:2011-01-04T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2011-0011date:2011-01-05T00:00:00
db:CNVDid:CNVD-2011-0012date:2011-01-05T00:00:00
db:BIDid:45658date:2011-01-04T00:00:00