exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Adtran Netvanta 7100 Bypass / XSS / Injection

Adtran Netvanta 7100 Bypass / XSS / Injection
Posted Sep 19, 2013
Authored by Jesus Oquendo

Adtran Netvanta 7100 with firmware prior to R10.5.3.HA suffers from bypass, injection, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, bypass
advisories | CVE-2013-5210
SHA-256 | de57cf95a25a199d03c85cba970136084ba737d94ce33a865bda94b7d07f6e41

Adtran Netvanta 7100 Bypass / XSS / Injection

Change Mirror Download
Multiple Vulnerabilities in the Adtran Netvanta 7100
Impact: Multiple Local and Remote Compromise, XSS and
other Injection Attacks
Version(s): firmware prior to R10.5.3.HA
Author: J. Oquendo (joquendo at e-fensive dot net)


Title: Multiple Vulnerabilities in Adtran Netvanta 7100
Date published: 2013-09-18
Vendor contacted in 2011

CVE-2013-5210 Remote Code Injection via XSS


The Adtran Netvanta 7100 (NV7100) is an "Office in a Box"
appliance offering data and VoIP services on a single
platform. In October 2011, I discovered there were some
vulnerabilities in the platform and contacted the vendor.
The initial disclosure revolved primarily around cross
site scripting attacks, where via crafted URIs an attacker
would have been able to trick users into performing a
variety of attacks, local to the users machine, or, if
given enough privileges, re-directed back to the NV7100.
After disclosing the issue, Adtran began fixing up these
initial issues however, in parallel, I then found others
which were similar in nature, but affecting other areas
of the NV7100.


For a description of XSS, injection attacks, authentication
bypass, please see OWASP material on this subject.


The NV7100's main issue (and the reason for the LONG release
of a patch) revolved around userapp/loginAction.html where
an attacker was able to inject code regardless of
authenticating. In the initial report, there was some
miscommunication on my behalf, as well as some vendor
misinterpretation of what was occurring. An attacker DOES
NOT NEED credentials to pull off a successful attack and
no POC code will be made publicly available to demonstrate.
The vendor was given a video that illustrated the who,
what, when, where and why.


Adtran released a firmware update, and advisory of their
own to resolve this issue however, in the interim, these
appliances should NEVER face the public internet, and
should be isolated via VLANs or firewalls to minimize abuse.



Wikto, Burpsuite, WVS, perl kung fu, Firefox

V. History

This was reported in 2011 and throughout the past two years,
Adtran has been fixing the issues I have been coming across.
Initially, the advisory began with over 52 different means
of attacks and over the course of two years, Adtran has
diligently addressed each and every vulnerability, as
recently as August 2013. While I would have preferred
placing a timeline, the reality is, two years is a long time
to go back and forth with a vendor on security issues.

VI. Renegotiation

There was also an SSL renegotation issue that was discovered
and addressed during the process of sorting out the XSS

J. Oquendo

"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama

42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
Login or Register to add favorites

File Archive:

March 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    13 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    31 Files
  • 8
    Mar 8th
    16 Files
  • 9
    Mar 9th
    13 Files
  • 10
    Mar 10th
    9 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    10 Files
  • 14
    Mar 14th
    6 Files
  • 15
    Mar 15th
    17 Files
  • 16
    Mar 16th
    22 Files
  • 17
    Mar 17th
    13 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    16 Files
  • 21
    Mar 21st
    13 Files
  • 22
    Mar 22nd
    5 Files
  • 23
    Mar 23rd
    6 Files
  • 24
    Mar 24th
    47 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    50 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    7 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By