Edimax AR-6004 ADSL路由器管理界面跨站脚本漏洞

31次阅读
没有评论

Edimax AR-6004 ADSL路由器管理界面跨站脚本漏洞

漏洞ID 1107618 漏洞类型 跨站脚本
发布时间 2004-01-06 更新时间 2005-10-20
Edimax AR-6004 ADSL路由器管理界面跨站脚本漏洞CVE编号 CVE-2004-1790
Edimax AR-6004 ADSL路由器管理界面跨站脚本漏洞CNNVD-ID CNNVD-200412-714
漏洞平台 Hardware CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/23528
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-714
|漏洞详情
EdimaxAR-6004ADSLRouters的web管理界面存在跨站脚本(XSS)漏洞。远程攻击者借助URL注入任意web脚本。
|漏洞EXP
source: http://www.securityfocus.com/bid/9374/info

Edimax AR-6004 ADSL Routers are prone to cross-site scripting attacks via the web management interface of affected devices. An attacker could exploit this issue by enticing a victim user to follow a malicious link to a site hosting the software that contains embedded HTML and script code. The embedded code may be rendered in the web browser of the victim user.

This could potentially be exploited to steal cookie-based authentication credentials from legitimate users. Other attacks are also possible.

http://www.example.com/<script>alert('XSS')</script>
|参考资料

来源:XF
名称:edimax-ar6004-xss(14165)
链接:http://xforce.iss.net/xforce/xfdb/14165
来源:BID
名称:9374
链接:http://www.securityfocus.com/bid/9374
来源:BUGTRAQ
名称:20040106EDIMAXAR-6004FullRateADSLRouterCrossSiteScriptingVulnerabillity
链接:http://www.securityfocus.com/archive/1/349089
来源:OSVDB
名称:3435
链接:http://www.osvdb.org/3435
来源:SECTRACK
名称:1008643
链接:http://securitytracker.com/id?1008643
来源:SECUNIA
名称:10576
链接:http://secunia.com/advisories/10576

相关推荐: SDFingerD Failure To Drop Privileges Local Privilege Escalation Vulnerability

SDFingerD Failure To Drop Privileges Local Privilege Escalation Vulnerability 漏洞ID 1100012 漏洞类型 Design Error 发布时间 2003-06-19 更新时间 …

正文完
 0