Details of VAR-E-201202-0070

ID

VAR-E-201202-0070

CVE

cve_id:	CVE-2012-5322	Trust: 1.9
cve_id:	CVE-2012-5323	Trust: 0.3

sources: BID: 52098 // EXPLOIT-DB: 36865 // EDBNET: 58157

EDB ID

36865

TITLE

Xavi 7968 ADSL Router - '/webconfig/lan/lan_config.html/local_lan_config?host_name_txtbox' Cross-Site Scripting - Hardware webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 36865

DESCRIPTION

Xavi 7968 ADSL Router - '/webconfig/lan/lan_config.html/local_lan_config?host_name_txtbox' Cross-Site Scripting. CVE-79824CVE-2012-5322 . webapps exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 36865

AFFECTED PRODUCTS

vendor:	xavi	model:	adsl router	scope:	eq	version:	7968	Trust: 1.0
vendor:	xavi	model:	adsl router	scope:	eq	version:	79680	Trust: 0.3

sources: BID: 52098 // EXPLOIT-DB: 36865

EXPLOIT

source: https://www.securityfocus.com/bid/52098/info

Xavi 7968 ADSL Router is prone to cross-site scripting, HTML-injection and cross-site request forgery vulnerabilities.

The attacker can exploit the issues to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials, or perform certain administrative functions on victim's behalf. Other attacks are also possible.

http://www.example.com/webconfig/lan/lan_config.html/local_lan_config?ip_add_txtbox=www.example2.com&sub_mask_txtbox=255.255.255.0&host_name_txtbox=Hack<SCRIPT>alert(document.cookie)</script>&domain_name_txtbox=local.lan&mtu_txtbox=1500&next=Apply

Trust: 1.0

sources: EXPLOIT-DB: 36865

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 36865

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 36865

TYPE

'/webconfig/lan/lan_config.html/local_lan_config?host_name_txtbox' Cross-Site Scripting

Trust: 1.0

sources: EXPLOIT-DB: 36865

CREDITS

Busindre

Trust: 0.6

sources: EXPLOIT-DB: 36865

EXTERNAL IDS

db:	NVD	id:	CVE-2012-5322	Trust: 1.9
db:	BID	id:	52098	Trust: 1.9
db:	EXPLOIT-DB	id:	36865	Trust: 1.6
db:	EDBNET	id:	58157	Trust: 0.6
db:	NVD	id:	CVE-2012-5323	Trust: 0.3

sources: BID: 52098 // EXPLOIT-DB: 36865 // EDBNET: 58157

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2012-5322	Trust: 1.6
url:	https://www.securityfocus.com/bid/52098/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/36865/	Trust: 0.6
url:	http://www.xavi.com.tw/	Trust: 0.3

sources: BID: 52098 // EXPLOIT-DB: 36865 // EDBNET: 58157

SOURCES

db:	BID	id:	52098
db:	EXPLOIT-DB	id:	36865
db:	EDBNET	id:	58157

LAST UPDATE DATE

2022-07-27T09:25:00.960000+00:00

SOURCES UPDATE DATE

db:

BID

id:

52098

date:

2012-10-10T18:20:00

SOURCES RELEASE DATE

db:	BID	id:	52098	date:	2012-02-21T00:00:00
db:	EXPLOIT-DB	id:	36865	date:	2012-02-21T00:00:00
db:	EDBNET	id:	58157	date:	2012-02-21T00:00:00