COMTREND CT-536 / HG-536 Routers - Multiple Remote Vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057046 漏洞类型
发布时间 2008-12-22 更新时间 2008-12-22
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Hardware CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/32681
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/32975/info

COMTREND CT-536 and HG-536 are prone to multiple remote vulnerabilities:

- Multiple unauthorized-access vulnerabilities
- An information-disclosure vulnerability
- Multiple cross-site scripting vulnerabilities
- A denial-of-service vulnerability
- Multiple buffer-overflow vulnerabilities

Attackers can exploit these issues to compromise the affected device, obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and cause a denial-of-service condition. Other attacks are also possible.

The following firmware versions are vulnerable; additional versions may also be affected:
CT-536 A101-302JAZ-C01_R05
HG-536+ A101-302JAZ-C01_R05 and A101-302JAZ-C03_R14.A2pB021g.d15h

http://www.example.com/scvrtsrv.cmd?action=add&srvName=%3Cscript%3Ealert(%22XSS%22)%3C/script%3E&srvAddr=192.168.1.1&proto=1,&eStart=1,&eEnd=1,&iStart=1,&iEnd http://www,example.com/password.html