Details of VAR-E-201006-0125

ID

VAR-E-201006-0125

EDB ID

34182

TITLE

Linksys WAP54Gv3 Wireless Router - 'debug.cgi' Cross-Site Scripting - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 34182

DESCRIPTION

Linksys WAP54Gv3 Wireless Router - 'debug.cgi' Cross-Site Scripting.. remote exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 34182

AFFECTED PRODUCTS

vendor:	linksys	model:	wap54gv3 wireless router	scope:	-	version:	-	Trust: 1.0
vendor:	linksys	model:	wap54gv3	scope:	eq	version:	3.5.3	Trust: 0.3
vendor:	linksys	model:	wap54gv3	scope:	eq	version:	3.4.3	Trust: 0.3

sources: BID: 41061 // EXPLOIT-DB: 34182

EXPLOIT

source: https://www.securityfocus.com/bid/41061/info

Linksys WAP54Gv3 Wireless Router is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

Attackers may exploit this issue by enticing victims into visiting a malicious site.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The following firmware versions are vulnerable:

3.05.03 (Europe)
3.04.03 (US)

The following example input to the vulnerable parameter is available:

echo "</textarea><script>alert('XSS');</script>"

Trust: 1.0

sources: EXPLOIT-DB: 34182

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 34182

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 34182

TYPE

'debug.cgi' Cross-Site Scripting

Trust: 1.0

sources: EXPLOIT-DB: 34182

CREDITS

Cristofaro Mune

Trust: 0.6

sources: EXPLOIT-DB: 34182

EXTERNAL IDS

db:	BID	id:	41061	Trust: 1.9
db:	EXPLOIT-DB	id:	34182	Trust: 1.6
db:	EDBNET	id:	55547	Trust: 0.6

sources: BID: 41061 // EXPLOIT-DB: 34182 // EDBNET: 55547

REFERENCES

url:	https://www.securityfocus.com/bid/41061/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/34182/	Trust: 0.6
url:	http://www.icysilence.org/wp-content/uploads/is-2010-003_linksys_wap54gv3_debug.cgi_cross_site_scripting.txt	Trust: 0.3
url:	http://www.linksys.com	Trust: 0.3

sources: BID: 41061 // EXPLOIT-DB: 34182 // EDBNET: 55547

SOURCES

db:	BID	id:	41061
db:	EXPLOIT-DB	id:	34182
db:	EDBNET	id:	55547

LAST UPDATE DATE

2022-07-27T09:50:19.027000+00:00

SOURCES UPDATE DATE

db:

BID

id:

41061

date:

2010-06-23T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	41061	date:	2010-06-23T00:00:00
db:	EXPLOIT-DB	id:	34182	date:	2010-06-23T00:00:00
db:	EDBNET	id:	55547	date:	2010-06-23T00:00:00