CHIYU BF430 TCP IP Converter 安全漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1926602 漏洞类型 跨站脚本
发布时间 2020-02-12 更新时间 2020-02-19
CVE编号 CVE-2020-8839 CNNVD-ID CNNVD-202002-425
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2020020056
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202002-425
|漏洞详情
CHIYU BF-430是中国台湾七友科技(CHIYU)公司的一款为门禁、考勤系统等设备提供通讯的联网服务器。 CHIYU BF-430 232/485 TCP/IP Converter 1.16.00之前版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
|漏洞EXP
# Exploit Title: CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting
# Google Dork: In Shodan search engine, the filter is "CHIYU"
# Date: 2020-02-11
# Exploit Author: Luca.Chiou
# Vendor Homepage: https://www.chiyu-t.com.tw/en/
# Version: BF430 232/485 TCP/IP Converter all versions prior to 1.16.00
# Tested on: It is a proprietary devices: https://www.chiyu-t.com.tw/en/product/rs485-to-tcp_ip-converter_BF-430.html
# CVE: CVE-2020-8839

# 1. Description:
# In CHIYU BF430 web page,
# user can modify the system configuration by access the /if.cgi.
# Attackers can inject malicious XSS code in "TF_submask" field.
# The XSS code will be stored in the database, so that causes a stored XSS vulnerability.

# 2. Proof of Concept:
# Access the /if.cgi of CHIYU BF430 232/485 TCP/IP Converter.
# Injecting the XSS code in parameter “TF_submask”:
# http://<Your Modem IP>/if.cgi?TF_submask=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E

==---------------------------------------------------------------
This email contains information that is for the sole use of the intended recipient and may be confidential or privileged. If you are not the intended recipient, note that any disclosure, copying, distribution, or use of this email, or the contents of this email is prohibited. If you have received this email in error, please notify the sender of the error and delete the message. Thank you.
---------------------------------------------------------------==!!
|参考资料

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/156289/CHIYU-BF430-TCP-IP-Converter-Cross-Site-Scripting.html


来源:www.exploit-db.com

链接:https://www.exploit-db.com/exploits/48040