< back to advisories

MicraDigital 802.11g Router Web Interface Cross Site Scripting.

MicraDigital 802.11g ADSL Modem Router Cross Site Scripting         APR 12 2007

* Product

  MicraDigital 802.11g Wireless ADSL Modem Router.

* Vulnerable Versions

  Firmware version 2.00.04 was tested to be vulnerable.

* Vendor Status

  The Vendor was informed and confirmed the vulnerability.

* Details

  The provided web admin panel is prone to a Cross Site Scripting attack in the
  network's status page. The application prints the names of the hosts  in  the
  network  to  the  page and fails to sanitize from dangerous characters.  This
  way, an attacker might be able to execute arbitrary script code in the admin-
  istrators browser.

* Impact

  An attacker may exploit this vulnerability to gain access to the admin panel.

* Exploit

  Proof of concept exploit code is available.

Copyright (C) Nico Leidecker 2007 .

Permission is hereby granted for the electronic redistribution of this informa-
tion. It is not to be edited or altered in any way without the express  written
consent of the author.

The  information herein contained may change without notice. Use of this infor-
mation constitutes acceptance for use in an AS IS condition. There are NO  war-
ranties, implied or otherwise, with regard to this information of its use.  Any
use of this information is at the user's  risk.  In  no  event  shall  the  au-
thor/distributor be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information.