what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

SEH utnserver Pro 20.1.22 Cross Site Scripting

SEH utnserver Pro 20.1.22 Cross Site Scripting
Posted Nov 22, 2024
Site fhstp.ac.at

SEH utnservyer Pro version 20.1.22 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2024-11304
SHA-256 | 8a817f7a2f70f702d665df042fc9c3e7290ebdec05e9d80aed3e21cb27a39f2b

SEH utnserver Pro 20.1.22 Cross Site Scripting

Change Mirror Download
St. Pölten UAS 20241118-0
-------------------------------------------------------------------------------
title| Multiple Stored Cross-Site Scripting
product| SEH utnserver Pro
vulnerable version| 20.1.22
fixed version| 20.1.35
CVE number| CVE-2024-11304
impact| High
homepage| https://www.seh-technology.com/
found| 2024-05-24
by| P. Riedl, J. Springer, P. Chistè, D. Sagl, S. Vogt
| These vulnerabilities were discovery during research at
| St.Pölten UAS, supported and coordinated by CyberDanube.
|
| https://fhstp.ac.at | https://cyberdanube.com
-------------------------------------------------------------------------------

Vendor description
-------------------------------------------------------------------------------
"We are SEH from Bielefeld - manufacturer of high-quality network solutions.
With over 35 years of experience in the fields of printing and networks, we
offer our customers a broad and high-level expertise in solutions for all types
of business environments."

Source: https://www.seh-technology.com/us/company/about-us.html

Vulnerable versions
-------------------------------------------------------------------------------
utnserver Pro / 20.1.22
utnserver ProMAX / 20.1.22
INU-100 / 20.1.22


Vulnerability overview
-------------------------------------------------------------------------------
1) Multiple Stored Cross-Site Scripting (CVE-2024-11304)
Different settings on the web interface of the device can be abused to store
JavaScript code and execute it in the context of a user's browser.


Proof of Concept
-------------------------------------------------------------------------------
1) Multiple Stored Cross-Site Scripting (CVE-2024-11304)
The following snippet can be used to demonstrate, that stored cross-site
scripting is possible in multiple locations on the device:
"><script>alert(document.location)</script>

Examples are:
* Users password: "usrMg_pwd"
This can be displayed in cleartext and executed in the device configuration.
* Certificate options: "Common name", "Organization name", "Locality name"
This can be executed in the certificate information.
* Device description: "Host name", "Contact person", "Description"
This can be executed in "Device -> Description".
* USB password via uploading a crafted "_parameters.txt" file: "usbMdg_pwd"
This can be executed in the "Maintenance -> Content View" tab.


Saving this text to the device description leads to a persistent cross-site
scripting. Therefore, everyone who openes the device description executes the
injected code in the context of the own browser.


The vulnerabilities were manually verified on an emulated device by using the
MEDUSA scalable firmware runtime (https://medusa.cyberdanube.com).

Solution
-------------------------------------------------------------------------------
Install firmware version 20.1.35 to fix the vulnerabilities.


Workaround
-------------------------------------------------------------------------------
None


Recommendation
-------------------------------------------------------------------------------
CyberDanube recommends SEH Computertechnik customers to upgrade the firmware to
the latest version available.


Contact Timeline
-------------------------------------------------------------------------------
2024-09-23: Contacting SEH Computertechnik and sent advisory to support.
Support answered, that vulnerabilities are fixed in version
20.1.35.
2024-10-21: Closed the issue and scheduled publication for November.
2024-11-18: Coordinated disclosure of advisory.

Web: https://www.fhstp.ac.at/
Twitter: https://x.com/fh_stpoelten
Mail: mis@fhstp.ac.at

EOF T. Weber / @2024


Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close