exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ZyXel WAP3205 Cross Site Scripting

ZyXel WAP3205 Cross Site Scripting
Posted Jan 24, 2016
Authored by Nicholas Lehman

ZyXel WAP3205 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 8b34626bd7866d7c73e807f070af5d155661fde5147b19897b10deaca0d55f01

ZyXel WAP3205 Cross Site Scripting

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

#Vendor: ZyXel WAP3205 - version 1 (Product is EOL and no patch
forthcoming)
#Firmware version: V1.00(BFR.6) - V1.00(BFR.8)C0
#Exploit Author: Nicholas Lehman @GraphX
#Vulnerability: Multiple persistent and reflected XSS vulnerabilities

Description:
Multiple persistent XSS Vulnerabilities have been discovered in the ZyXel
WAP3205 (version 1) wireless access point. These vulnerabilities could
allow and authenticated attacker to insert persistent malicious code on
several pages and using several different fields. The WAP is End-Of-Life
according to the vendor and will not be issuing a patch for these
vulnerabilities.

Proof of Concept:
The first vulnerability discovered pertained to the inputs found on


- - -https://<ROUTER_IP>/local/advance/main_maintenance_frame.html
the domain_name and system_name inputs are vulnerable to reflected
cross-site scripting and there does not appear to be any validation or
sanitation of those inputs. the admin_inactivity_time input is vulnerable
to persistent XSS with the following code being used:
admin_inactivity_timer=0"><script>alert(document.cookie)</script><input

- - -The date and time tab is also vulnerable to persistent cross site
scripting. The following inputs allow for malicious code to be stored and
executed:
NTPServerIP
servertype
timedatatype

3. Solution:
ZyXel was informed of the vulnerability, but since the router is end of
life, a patch will not be released.
Upgrade to a supported WAP
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWo8HaAAoJEGoTpzhfiAPxZFYP/iMGT7oGqHxLtw5rGVk0t5my
ZxKD/ho84OhtHP6d1d4mVcKOmVGPMRLCR7V62m6G9iluzTx08uhAooXzdGPfua9I
WXY+bIyj/3w5ydYJRd6gfR3/BwBHQKiMb06Iwsm2KivZNLYTFZ1mThXcn/dpgopL
BRjLxpVaMOAVEaVgHEcm0B59uaIFT2jBSHfi3MZMYSlkoEGTCs+UaJ3qxMbmxYC9
06Zg8+pQs17AOdaBhSRb/vfeBRuLjbSsNZwI2XrDd5rj6+J3z34VasAnStgcd/uV
5cSIN7AAlfi3sg7BE+3hUZxK8p0KL2vKsm1/FOzAXs9H5/x51vLeJ0zbS4f57wIC
x8lfkEu5GnK2jD2f0IeHrtnesXnIsBAB5THYxrqIfXJI0QpJZk0Dt3NL/uy2x4II
gX8mnqJdci8o58oB4EG3RoYjKNpbbKGmF2JO1Gvgu9COmxMiYhTi9/HUW+SUizne
zDjSeYLRn+VwuG4b77Rv+DH32ue93ujuIIMI+0zRzbpVo0kTr8P772LDn/Ypc5PP
QtDC9A3OHqMOlrURgEEOU4uoB7rEH/aFqmuqEmdjdAVqRJ9xHINtChCIuNCFR9S1
wGluQ2HQ58eOZZK2GCUep57bgaFHSzm5mi0uHd27h6J40wVTiErZfJM5SW8z/rI1
JVy7N1+3MESCr8pW/Cgo
=sI1p
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close