Coship RT3052 Wireless Router - Persistent Cross Site Scripting (XSS)

vendor:

RT3052 Wireless Router

by:

Sayan Chatterjee

6.1

CVSS

MEDIUM

Persistent Cross Site Scripting (XSS)

CWE

Product Name: RT3052 Wireless Router

Affected Version From: 4.0.0.48

Affected Version To: 4.0.0.48

Patch Exists: YES

Related CWE: CVE-2018-8772

CPE: h:coship:rt3052_wireless_router

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10

2018

Coship RT3052 Wireless Router – Persistent Cross Site Scripting (XSS)

A persistent Cross Site Scripting (XSS) vulnerability exists in Coship RT3052 Wireless Router. An attacker can inject malicious JavaScript code in the Network Name(SSID) field of the router's web interface, which will be executed in the context of the router's web interface. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of the affected site.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to update their router to the latest version.

Source

Exploit-DB raw data:

######################################################################################
# Exploit Title: Coship RT3052 Wireless Router - Persistent Cross Site Scripting (XSS)
# Date: 2018-03-18
# Exploit Author: Sayan Chatterjee
# Vendor Homepage: http://en.coship.com/
# Category: Hardware (Wifi Router)
# Version: 4.0.0.48
# Tested on: Windows 10
# CVE: CVE-2018-8772
#######################################################################################
 
Proof of Concept
=================
URL: http://192.168.1.254 (Wifi Router Gateway)
Attack Vector : Network Name(SSID)
Payload : <script>alert("S@Y@N")</script>
 
Reproduction Steps:
------------------------------
1. Access the wifi router gateway [i.e, http://192.168.1.254]
2. Go to "Wireless Setting" -> "Basic"
3. Update "Network Name(SSID)" field with '<script>alert("S@Y@N")</script>'
4. Save the settings.
5. Go to "System Status" and you will be having "S@Y@N" popup.

#######################################################################################