ID
VAR-E-200809-0949
TITLE
Multiple SAGEM F@st Routers DHCP Hostname HTML Injection Vulnerability
Trust: 0.3
DESCRIPTION
Multiple SAGEM F@st routers are prone to an HTML-injection vulnerability because they fail to sufficiently sanitize user-supplied input data.
Attacker-supplied HTML and script code would run in the context of the web interface of the affected device, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
The issue affects SAGEM F@st routers 1200, 1240, 1400, 1400W, 1500, 1500-WG, and 2404.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | sagem | model: | f@st | scope: | eq | version: | 24040 | Trust: 0.3 |
vendor: | sagem | model: | f@st 1500-wg | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | sagem | model: | f@st | scope: | eq | version: | 15000 | Trust: 0.3 |
vendor: | sagem | model: | f@st 1400w | scope: | eq | version: | 0 | Trust: 0.3 |
vendor: | sagem | model: | f@st | scope: | eq | version: | 14000 | Trust: 0.3 |
vendor: | sagem | model: | f@st | scope: | eq | version: | 12400 | Trust: 0.3 |
vendor: | sagem | model: | f@st | scope: | eq | version: | 12000 | Trust: 0.3 |
EXPLOIT
Attackers can exploit this issue using readily available tools.
The following exploit is available:
/data/vulnerabilities/exploits/31331.py
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Underz0ne Crew
Trust: 0.3
EXTERNAL IDS
db: | BID | id: | 31331 | Trust: 0.3 |
REFERENCES
url: | http://www.sagem.com/ | Trust: 0.3 |
SOURCES
db: | BID | id: | 31331 |
LAST UPDATE DATE
2022-07-27T09:57:30.878000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 31331 | date: | 2008-09-24T18:09:00 |
SOURCES RELEASE DATE
db: | BID | id: | 31331 | date: | 2008-09-22T00:00:00 |