ID

VAR-200607-0314


CVE

CVE-2006-3929


TITLE

Cross-site scripting vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router

Trust: 0.8

sources: JVNDB: JVNDB-2006-002953

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the "a" parameter. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

TITLE: ZyXEL Prestige 660H-61 Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA21225
VERIFY ADVISORY: http://secunia.com/advisories/21225/
CRITICAL: Less critical
IMPACT: Cross Site Scripting
WHERE: From remote
OPERATING SYSTEM: ZyXEL Prestige 660H-61 http://secunia.com/product/11155/
DESCRIPTION: José Ramón Palanco has reported a vulnerability in ZyXEL Prestige 660H-61, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "a" parameter in the rpSysAdmin script is not properly sanitised before being returned to the user. The vulnerability was reported for routers with firmware version V3.40(PT.0)b32. Other versions may also be affected.
SOLUTION: Do not visit other web sites while accessing the router interface.
PROVIDED AND/OR DISCOVERED BY: José Ramón Palanco
ORIGINAL ADVISORY: http://www.eazel.es/media/advisory004-Zyxel-Prestige-660H-61-Cross-Site-Scripting.html

Trust: 2.07

sources: NVD: CVE-2006-3929 // JVNDB: JVNDB-2006-002953 // BID: 19180 // VULHUB: VHN-20037 // PACKETSTORM: 48614

AFFECTED PRODUCTS

vendor: zyxel, model: prestige 660h-61, scope: eq, version: firmware_3.40_pt.0_b32

Trust: 1.6

vendor: zyxel, model: prestige 660h-61, scope: eq, version: firmware 3.40(pt.0)b32

Trust: 0.8

vendor: zyxel, model: prestige 660h-61, scope: eq, version: 0

Trust: 0.3

sources: BID: 19180 // JVNDB: JVNDB-2006-002953 // CNNVD: CNNVD-200607-509 // NVD: CVE-2006-3929

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3929
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-3929
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200607-509
value: MEDIUM

Trust: 0.6

VULHUB: VHN-20037
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-3929
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-20037
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-20037 // JVNDB: JVNDB-2006-002953 // CNNVD: CNNVD-200607-509 // NVD: CVE-2006-3929

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3929

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200607-509

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 48614 // CNNVD: CNNVD-200607-509

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002953

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-20037

PATCH

title: Top Page, url: http://www.zyxel.com/

Trust: 0.8

sources: JVNDB: JVNDB-2006-002953

EXTERNAL IDS

db: NVD, id: CVE-2006-3929

Trust: 2.5

db: BID, id: 19180

Trust: 2.0

db: SECUNIA, id: 21225

Trust: 1.8

db: SECTRACK, id: 1016598

Trust: 1.7

db: VUPEN, id: ADV-2006-3012

Trust: 1.7

db: SREASON, id: 1301

Trust: 1.7

db: OSVDB, id: 27548

Trust: 1.7

db: JVNDB, id: JVNDB-2006-002953

Trust: 0.8

db: CNNVD, id: CNNVD-200607-509

Trust: 0.7

db: BUGTRAQ, id: 20060726 ZYXEL PRESTIGE 660H-61 CROSS-SITE SCRIPTING

Trust: 0.6

db: XF, id: 28021

Trust: 0.6

db: EXPLOIT-DB, id: 28283

Trust: 0.1

db: SEEBUG, id: SSVID-81857

Trust: 0.1

db: VULHUB, id: VHN-20037

Trust: 0.1

db: PACKETSTORM, id: 48614

Trust: 0.1

sources: VULHUB: VHN-20037 // BID: 19180 // JVNDB: JVNDB-2006-002953 // PACKETSTORM: 48614 // CNNVD: CNNVD-200607-509 // NVD: CVE-2006-3929

REFERENCES

url:http://www.eazel.es/media/advisory004-zyxel-prestige-660h-61-cross-site-scripting.html

Trust: 1.8

url:http://www.securityfocus.com/bid/19180

Trust: 1.7

url:http://www.osvdb.org/27548

Trust: 1.7

url:http://securitytracker.com/id?1016598

Trust: 1.7

url:http://secunia.com/advisories/21225

Trust: 1.7

url:http://securityreason.com/securityalert/1301

Trust: 1.7

url:http://www.securityfocus.com/archive/1/441193/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2006/3012

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/28021

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3929

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3929

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/28021

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/441193/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/3012

Trust: 0.6

url:http://www.zyxel.com

Trust: 0.3

url:/archive/1/441193

Trust: 0.3

url:http://secunia.com/advisories/21225/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/11155/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-20037 // BID: 19180 // JVNDB: JVNDB-2006-002953 // PACKETSTORM: 48614 // CNNVD: CNNVD-200607-509 // NVD: CVE-2006-3929

CREDITS

jose.palanco@eazel.es is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 19180 // CNNVD: CNNVD-200607-509

SOURCES

db: VULHUB, id: VHN-20037
db: BID, id: 19180
db: JVNDB, id: JVNDB-2006-002953
db: PACKETSTORM, id: 48614
db: CNNVD, id: CNNVD-200607-509
db: NVD, id: CVE-2006-3929

LAST UPDATE DATE

2024-08-14T14:47:54.814000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-20037, date: 2018-10-17T00:00:00
db: BID, id: 19180, date: 2006-07-27T23:17:00
db: JVNDB, id: JVNDB-2006-002953, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200607-509, date: 2007-03-28T00:00:00
db: NVD, id: CVE-2006-3929, date: 2018-10-17T21:32:22.237

SOURCES RELEASE DATE

db: VULHUB, id: VHN-20037, date: 2006-07-31T00:00:00
db: BID, id: 19180, date: 2006-07-26T00:00:00
db: JVNDB, id: JVNDB-2006-002953, date: 2012-12-20T00:00:00
db: PACKETSTORM, id: 48614, date: 2006-07-28T01:04:26
db: CNNVD, id: CNNVD-200607-509, date: 2006-07-31T00:00:00
db: NVD, id: CVE-2006-3929, date: 2006-07-31T21:04:00