Genexis Platinum-4410 P4410-V2-1.31A - 'start_addr' Persistent Cross-Site Scripting

vendor:

Platinum-4410

by:

Jithin KS

8.8

CVSS

HIGH

Stored XSS

CWE

Product Name: Platinum-4410

Affected Version From: P4410-V2-1.31A

Affected Version To: P4410-V2-1.31A

Patch Exists: YES

Related CWE: N/A

CPE: h:genexis:platinum-4410

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10

2020

Genexis Platinum-4410 P4410-V2-1.31A – ‘start_addr’ Persistent Cross-Site Scripting

Genexis Platinum-4410 Home Gateway Unit is vulnerable to stored XSS in the 'start_addr' parameter. This could allow attackers to perform malicious action in which the XSS popup will affect all privileged users. To reproduce, login to the firmware as any user, navigate to Manage tab--> Security Management, enter any valid value in Start Source Address and fill all other fields. Click Add. Capture this request in Burp Suite. Enter payload <script>alert(1)</script> in 'start_addr' text box and forward the request. Relogin as any user and again navigate to Manage tab--> Security Management and observe the XSS popup showing persistent XSS.

Mitigation:

Upgrade to the latest version of the firmware

Source

Exploit-DB raw data:

# Exploit Title: Genexis Platinum-4410 P4410-V2-1.31A - 'start_addr' Persistent Cross-Site Scripting
# Date: 03/25/2020
# Exploit Author: Jithin KS
# Vendor Homepage: https://www.gxgroup.eu/ont-products/
# Version: Platinum-4410 Software version - P4410-V2-1.31A
# Tested on: Windows 10
# Author Contact: hhttps://twitter.com/jithinks_8<https://twitter.com/amalmohandas0>

Vulnerability Details
======================
Genexis Platinum-4410 Home Gateway Unit is vulnerable to stored XSS in the "start_addr" parameter. This could allow attackers to perform malicious action in which the XSS popup will affect all privileged users.

How to reproduce
===================
1. Login to the firmware as any user
2. Navigate to Manage tab--> Security Management
3. Enter any valid value in Start Source Address and fill all other fields. Click Add.
4. Capture this request in Burp Suite. Enter payload <script>alert(1)</script> in "start_addr" text box and forward the request.
5. Relogin as any user and again navigate to Manage tab--> Security Management
6. Observe the XSS popup showing persistent XSS