8e6 R3000 Internet Filter Multiple Cross-Site Scripting Vulnerabilities
BID:24206
Info
| Bugtraq ID: | 24206 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-2970 |
| Remote: | Yes |
| Local: | No |
| Published: | May 29 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | agentsteal is credited with the discovery of these vulnerabilities. |
| Vulnerable: | 8E6 Technologies R3000 Internet Filter 2.0 (firmware); 8E6 Technologies R3000 Internet Filter 1.10.30 (firmware); 8E6 Technologies R3000 Internet Filter 1.10.20 (firmware); 8E6 Technologies R3000 Internet Filter 1.10.15 (firmware); 8E6 Technologies R3000 Internet Filter 1.10.10 (firmware); 8E6 Technologies R3000 Internet Filter 1.10.1 (firmware); 8E6 Technologies R3000 Internet Filter 1.10 (firmware) |
| Not Vulnerable: | 8E6 Technologies R3000 Internet Filter 2.0.5 (firmware) |
Discussion
The 8e6 R3000 Internet Filter appliance is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Firmware versions prior to 2.0.05 are vulnerable.
Exploit / POC
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
The vendor released firmware version 2.0.0.5 to address this issue. Please contact the vendor for information on how to obtain and apply the new version.
References
References:
- 8e6 R3000 Homepage (8e6 Technologies)
- R3000 Software Updates (8e6 Technologies)