Persistent XSS in SSID

vendor:

Platinum-4410

by:

Amal Mohandas

8.8

CVSS

HIGH

Stored XSS

CWE

Product Name: Platinum-4410

Affected Version From: P4410-V2-1.28

Affected Version To: P4410-V2-1.28

Patch Exists: YES

Related CWE: N/A

CPE: h:genexis:platinum-4410

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10

2020

Genexis Platinum-4410 Home Gateway Router is vulnerable to stored XSS in the SSID parameter. This could allow attackers to perform malicious action in which the XSS popup will affect all privileged users.

Mitigation:

Upgrade to the latest version of the firmware

Source

Exploit-DB raw data:

# Exploit Title: Persistent XSS in SSID
# Date: 10/24/2020
# Exploit Author: Amal Mohandas
# Vendor Homepage: https://genexis.co.in/product/ont/
# Version: Platinum-4410 Software version - P4410-V2-1.28
# Tested on: Windows 10

Vulnerability Details
======================
Genexis Platinum-4410 Home Gateway Router is vulnerable to stored XSS
in the SSID parameter. This could allow attackers to perform malicious
action in which the XSS popup will affect all privileged users.

How to reproduce
===================
1. Login to the firmware as any user
2. Navigate to Net tab--> WLAN
3. Enter below mentioned payload in "SSID" text box
<script>alert(1)</script>
4. Click on the "OK" button.
5. Relogin as any user and again navigate to Net tab--> WLAN
6. Observe the XSS popup showing persistent XSS