Cyberoam NetGenie Cross Site Scripting

Cyberoam NetGenie with a firmware version of C0101B1-20141120-NG11VO suffers from a cross site scripting vulnerability.


MD5 | 23d3c96b793c9e3fb0836031803341da

# Title: Cyberoam NetGenie (C0101B1-20141120-NG11VO) - Reflected Cross Site Scripting (XSS)
# Date: 14.08.2021
# Credit: Gionathan "John" Reale
# Firmware Version: C0101B1-20141120-NG11VO
# CVE-2021-38702
################################################################################

DESCRIPTION:

Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks.

POC:

After connecting to the network via the NetGenie router a page is displayed suggesting a redirect, within the redirect parameter it is possible to execute reflected Cross Site Scripting, the component affected is "hxxp:/URL/tweb/ft.php?u="



Related Posts