Advisory ID: NEOCAN-2013-002 Advisory Title: Stored XSS ('cross-site scripting') in Airvana HubBub C1-600-RT router Author: Scott Behrens / Scott.Behrens@Neohapsis.com Release Date: 02/27/2013 Vendor: Airvana Application: Airrave 2.5 router administration page Platform: Web Application Severity: Medium Vendor status: No response from vendor CVE Number: CVE-2013-2270 Reference: 004 Overview: A stored cross-site scripting vulnerability was discovered in the Airrave 2.5 router. An attacker that exploits this attack may use it to execute malicious JavaScript against a victim or trigger a browser exploit. The attack requires that the victim is authenticated to the device. Vendor Response: Vendor was contacted first via email on January 17th, 2013. Researcher did not receive a response when using the 'online form' which was the only publically available email on the company’s website. Vendor was then contacted via telephone on the following dates: January 25th, February 7th, February 12th. A 'support operator' filed the ticket and informed the researcher a technician would call them back. No technician ever followed up to the calls. Recommendation: Ensure data controlled input is html encoded or escaped. Perform content filtering on user control data for special characters or symbols. Common Vulnerabilities and Exposures (CVE) Information: The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues: CVE-2013-2270 These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. Common Weakness Enumeration (CWE) Information: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') http://cwe.mitre.org/data/definitions/79.html --------Neohapsis Vulnerability Research Advisory Information------- For questions about this advisory, or to report an error: research@neohapsis.com NeohapsisVulnerability Research GPG Key: http://www.neohapsis.com/assets/NeohapsisVulnerabilityResearch-PUB.asc Copyright (c) 2013 Neohapsis