SecurityTracker.com

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   NETGEAR Router
Vendors:   NETGEAR
NETGEAR Router Allows Cross Site Scripting Attacks, Possibly Allowing a Remote User to Gain Access to the Router
SecurityTracker Alert ID:  1003437
SecurityTracker URL:  http://securitytracker.com/id/1003437
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Feb 5 2002
Impact:   Disclosure of user information, Execution of arbitrary code via network
Exploit Included:  Yes  
Version(s): RT314/RT311 running firmware 3.24 and 3.25
Description:   A vulnerability was reported in the NETGEAR router series. A remote user can conduct a cross-site scripting attack against the router.

It is reported that the router's web-based management interface allows cross-site scripting attacks. A remote user could create HTML content (either a web page or an e-mail message) that contains the following type of URL:

http://<router_ip>/<script>alert('Vulnerable')</script>

If the content is sent to a router administrator and the URL is loaded in that administrator's browser, the JavaScript would execute within the security context of the router and could obtain the recipient's cookies associated with the router.

The vendor has reportedly been notified.

Impact:   A remote user could cause JavaScript to execute on another user's host that would be able to access the target user's cookies associated with the router management authentication. This could potentially allow the remote user to gain access to the router.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.netgear.com/product_view.asp?xrp=4&yrp=12&zrp=55
Cause:   Input validation error

Message History:   This archive entry has one or more follow-up message(s) listed below.
(A User Provides a Workaround) Re: NETGEAR Router Allows Cross Site Scripting Attacks, Possibly Allowing a Remote User to Gain Access to the Router
A user has provided a workaround.



 Source Message Contents

Subject:  Netgear RT311/RT314


Product:  
Netgear Gateway Router RT314/RT311

Description:    
Netgear's RT314 is a four-port gateway router targeted at the small home or small office network. 

Systems Affected:
Tested on a Netgear RT314 running firmware versions 3.24 and 3.25. Any hardware running this firmware (RT-311 also runs the same firmware). Any product running ZyXel-RomPager web server 3.02 or earlier is probably also vulnerable.

Problem Description:
The Netgear RT314 Gateway Router (FW v3.25) runs a web server (ZyXEL-RomPager/3.02) for easy user configuration. This web server is vulnerable to the standard Cross Site Scripting problems seen in multiple web servers (noted in CERT CA-2000-02 from two years ago). Though it may be difficult to exploit (attacker would need to know the internal address of the victim's router), it still opens the possibility that an attacker could gain unauthorized access to the router, and possibly reconfigure it to allow remote access.

To check Netgear devices for CSS, simply access the following URL in a browser:
 http://<router_ip>/<script>alert('Vulnerable')</script>
If you receive a JavaScript pop-up alert, the system is vulnerable to Cross Site Scripting.

Vendor Status:
Vendor was contacted on 1/5/2002 (support@netgear.com), but did not respond.

Contact:
sq@cirt.net

____________________________________________________________________
http://www.cirt.net/
Home of the Nikto web scanner, default port/password/ssid databases.


 
 



Copyright 2019, SecurityGlobal.net LLC