Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2015-4587

Publish Date: 16 Jun 2015

Source

                CellPipe Router XSS vulnerability

Device model : CellPipe 7130 RG 5Ae. M2013 HOL
*Software Version:* : *1.0.0.20h.HOL*
CVE: CVE-2015-4587
Date: 16/06/2015
Discovered by: DiLi


Vulnerability type: Stored XSS vulnerabilities in the router's web interface

Exploitation and Impact:

A cross site scripting vulnerability is shared among the router's
users. These can harm other users of the router. The malicious
javascript can be executed in the context
of an other user's browsers and allows several different attack
opportunities, mostly hijacking the
current session of the user. This happens because the user input is
interpreted as HTML/JavaScript by the browser.

For example at the "port triggering" menu at the "Custom application" field
we can add javascript like :
&lt;script&gt; alert(document.cookie)&lt;/script&gt;
<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CellPipe 7130 Cross Site Scripting

Vulmon Search

About

Products

Connect