List: bugtraq
Subject: Multiple Vulnerabilities in Netgear FVS318 Router
From: Paul Kurczaba <advisories () securinews ! com>
Date: 2005-01-17 6:24:03
Message-ID: 20050117012403.9e02d42f () mail ! kurczaba ! com
Multiple Vulnerabilities in Netgear FVS318 Router
http://www.securinews.com/vuln.htm?vulnid=103
-------------------------------------------------
Overview:
The Netgear FVS318 is an easy-to-use firewall/router designed for home users and small businesses. SecuriNews Research has found two vulnerabilities in the router.
Vendor:
Netgear (http://www.netgear.com)
Affected Systems/Configuration:
2.4, possibly others
Vulnerabilities/Exploits:
1) By using hex-encoded characters, it is possible to bypass the URL filter. For example, if the router administrator blocks the phrase ".exe", a user can encode one or more characters of that phrase in the URL to bypass the filter. If we encode the 'x' in ".exe", the new phrase ".e%78e" will bypass the filter.
2) The content filter/log viewer contains a cross-site scripting vulnerability. When a user tries to access a blocked URL phrase, the attempt is logged in the Security Log. If a user were to inject JavaScript into a URL containing a blocked phrase, the JavaScript would be executed by the admin's browser when the security log is viewed.
Proof of Concept:
1) Example above.
2) If the router administrator has blocked the URL phrase ".exe", a user can inject JavaScript as follows:
http://www.example.com/somefile.exe</textarea><script>alert('XSS')</script>
Note: The string "</textarea>" must be added before the injected JavaScript, as the security log is placed in a text area.
Workaround:
None.
Date Discovered:
January 14, 2005
Severity:
Low-Medium
Credit:
SecuriNews Research
http://www.securinews.com/
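
Added example (not part of the original advisory and not Netgear's code): a sketch of the two mitigations the findings call for, covering both the filter bypass in item 1 and the log viewer issue in item 2. It matches blocked phrases against a percent-decoded form of the URL and HTML-escapes log entries before they are placed in the text area. All function names are hypothetical; case-insensitive matching and decoding more than one layer are assumptions chosen to be conservative.

```python
import html
from urllib.parse import unquote

BLOCKED_PHRASES = [".exe"]  # constructed policy mirroring the advisory's example

# Sample URLs taken from the advisory text.
ENCODED_URL = "http://www.example.com/somefile.e%78e"
LOG_URL = "http://www.example.com/somefile.exe</textarea><script>alert('XSS')</script>"


def naive_is_blocked(url):
    """Match blocked phrases against the raw, undecoded URL."""
    return any(p in url.lower() for p in BLOCKED_PHRASES)


def canonicalize(url, max_rounds=5):
    """Percent-decode until the value stops changing, then case-fold."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            return decoded.lower()
        url = decoded
    raise ValueError("too many encoding layers")


def is_blocked(url):
    """Match against the canonical form; treat undecodable input as blocked."""
    try:
        canon = canonicalize(url)
    except ValueError:
        return True
    return any(p in canon for p in BLOCKED_PHRASES)


def render_log_textarea(entries):
    """HTML-escape every logged URL before placing it inside the textarea."""
    body = "\n".join(html.escape(e, quote=True) for e in entries)
    return "<textarea readonly>" + body + "</textarea>"


if __name__ == "__main__":
    print(naive_is_blocked(ENCODED_URL), is_blocked(ENCODED_URL))
    print(render_log_textarea([LOG_URL]))
```

Decoding until stable over-blocks a doubly encoded URL that a server would treat as a different path; that is the safer direction for a deny filter.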