Details of VAR-201104-0326

ID

VAR-201104-0326

TITLE

Fiberhome HG-110 Directory Traversal Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2011-1373

DESCRIPTION

The Fiberhome HG-110 is an ADSL router device. The Fiberhome HG-110 has a cross-site scripting attack that can lead to the disclosure of sensitive information or unauthorized access to system sensitive files. Fiberhome HG-110 is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials and other harvested information, which may aid in launching further attacks. Fiberhome HG-110 firmware 1.0.0 is vulnerable other versions may also be affected

Trust: 1.35

sources: CNVD: CNVD-2011-1373 // CNVD: CNVD-2011-1372 // BID: 47277

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2011-1373 // CNVD: CNVD-2011-1372

AFFECTED PRODUCTS

vendor:

fiberhome

model:

hg-110

scope:

version:

1.0

Trust: 1.5

sources: CNVD: CNVD-2011-1373 // CNVD: CNVD-2011-1372 // BID: 47277

THREAT TYPE

network

Trust: 0.3

sources: BID: 47277

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 47277

EXTERNAL IDS

db:	BID	id:	47277	Trust: 1.5
db:	CNVD	id:	CNVD-2011-1373	Trust: 0.6
db:	CNVD	id:	CNVD-2011-1372	Trust: 0.6

sources: CNVD: CNVD-2011-1373 // CNVD: CNVD-2011-1372 // BID: 47277

REFERENCES

url:	http://www.securityfocus.com/bid/47277/infohttp	Trust: 1.2
url:	http://seclists.org/fulldisclosure/2011/apr/132	Trust: 0.3

sources: CNVD: CNVD-2011-1373 // CNVD: CNVD-2011-1372 // BID: 47277

CREDITS

Zerial

Trust: 0.3

sources: BID: 47277

SOURCES

db:	CNVD	id:	CNVD-2011-1373
db:	CNVD	id:	CNVD-2011-1372
db:	BID	id:	47277

LAST UPDATE DATE

2022-05-17T01:56:37.174000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-1373	date:	2011-04-11T00:00:00
db:	CNVD	id:	CNVD-2011-1372	date:	2011-04-11T00:00:00
db:	BID	id:	47277	date:	2011-04-08T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-1373	date:	2011-04-11T00:00:00
db:	CNVD	id:	CNVD-2011-1372	date:	2011-04-11T00:00:00
db:	BID	id:	47277	date:	2011-04-08T00:00:00