ID
VAR-E-201104-0421
TITLE
o2 DSL Router Classic Cross Site Request Forgery and HTML Injection Vulnerabilities
Trust: 0.3
DESCRIPTION
o2 DSL Router Classic is prone to a cross-site request-forgery vulnerability and multiple HTML-injection vulnerabilities.
An attacker can exploit the cross-site request-forgery issue to perform unauthorized actions in the context of a user's session. This may aid in other attacks.
The attacker can exploit the HTML-injection issues to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, or to control how the site is rendered. Other attacks are also possible.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | telefónica germany | model: | & co. ohg o2 dsl router classic | scope: | eq | version: | 0 | Trust: 0.3 |
EXPLOIT
An attacker can exploit these issues with readily available tools.
/data/vulnerabilities/exploits/47261.txt
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Hanno Böck
Trust: 0.3
EXTERNAL IDS
db: | BID | id: | 47261 | Trust: 0.3 |
REFERENCES
url: | http://www.o2online.de/dsl/o2-dsl-router.html | Trust: 0.3 |
url: | http://permalink.gmane.org/gmane.comp.security.full-disclosure/78943 | Trust: 0.3 |
SOURCES
db: | BID | id: | 47261 |
LAST UPDATE DATE
2022-07-27T09:45:33.436000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 47261 | date: | 2011-04-07T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 47261 | date: | 2011-04-07T00:00:00 |