what you don't know can hurt you

Mediatrix 4402 Cross Site Scripting

Mediatrix 4402 Cross Site Scripting
Posted Jan 24, 2014
Authored by help AG Middle East

The Mediatrix web management interface for the 4402 device suffers from a cross site scripting vulnerability.

tags | advisory, web, xss
advisories | CVE-2014-1612
MD5 | 8b63ebf7592d180f7d552d9ba69119d5

Mediatrix 4402 Cross Site Scripting

Change Mirror Download
Advisory ID: hag201476
Product: Mediatrix Web Management Interface
Vendor: Media5 Corporation
Vulnerable Version(s): Mediatrix 4402 Device with Firmware Dgw 1.1.13.186 and probably prior
Tested Version: Mediatrix 4402 Device with Firmware Dgw 1.1.13.186
Advisory Publication: January 23, 2014
Vendor Notification: November 13, 2013
Public Disclosure: January 23, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-1612
Risk Level: Medium
CVSSv2 Base Score: 6.4 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Solution not yet released
Discovered and Provided: Help AG Middle East

------------------------------------------------------------------------

-----------------------

about the vendor:
Media5 products and technologies are deployed in millions of broadband connected devices including smartphones, set-top boxes, and a wide variety of telecommunications equipment and applications.
Our VoIP expertise went on to deliver the Mediatrix family of VoIP ATAs and Gateways, and now includes a suite of voice and video mobility solutions and the M5T family of secure SIP-based solutions for the telecommunications marketplace.


Advisory Details:

During a Pentest Help AG discovered the following:
Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface, found in the login page, allows remote attackers to inject arbitrary web scripts or HTML via the vulnerable parameter “username”

1) Cross-Site Scripting (XSS) in Mediatrix Web Management Interface: CVE-2014-1612

As proof of concept, one needs to access the following URL on a Mediatrix Web Interface: http://<<MediatrixWebInterfaceIP/Host>>/login.esp?r=system_info.esp&username=%22/%3E%3Cscript%3Ealert%281%29%3C/script%3E

Hackers could craft malicious URLs and send them to system admins to try to gain access to the administrative interface of the Mediatrix Device. As the targeted Mediatrix device in our case is used for providing voice over IP (VoIP) connectivity to ISDN telephones, the attacker could even set up his rogue SIP server, replace the original one in the Mediatrix configuration and listen to all corporate calls if an administrative account is compromised via the XSS in the login page.

------------------------------------------------------------------------

-----------------------

Solution:

The vendor was notified, contact the vendor for the patch details

------------------------------------------------------------------------

-----------------------

References:

[1] help AG middle East http://www.helpag.com/.
[2] Media5 Corporation http://www.mediatrix.com/en/company
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.

------------------------------------------------------------------------

-----------------------

Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close