Edimax EW-7206APg And EW-7209APg Multiple Security Vulnerabilities
BID:57970
Info
Edimax EW-7206APg And EW-7209APg Multiple Security Vulnerabilities
| Bugtraq ID: | 57970 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 15 2013 12:00AM |
| Updated: | Feb 15 2013 12:00AM |
| Credit: | Michael Messner |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Edimax EW-7206APg And EW-7209APg Multiple Security Vulnerabilities
Edimax EW-7206APg and EW-7209APg are prone to the following vulnerabilities because they fail to sufficiently sanitize user-supplied input.
1. Multiple URI-redirection vulnerabilities
2. Multiple cross-site scripting vulnerabilities
3. Multiple HTML-injection vulnerabilities
4. An HTTP-header-injection vulnerability
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, insert arbitrary headers into an HTTP response, or conduct phishing attacks. Other attacks are also possible.
Edimax EW-7206APg and EW-7209APg are prone to the following vulnerabilities because they fail to sufficiently sanitize user-supplied input.
1. Multiple URI-redirection vulnerabilities
2. Multiple cross-site scripting vulnerabilities
3. Multiple HTML-injection vulnerabilities
4. An HTTP-header-injection vulnerability
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, insert arbitrary headers into an HTTP response, or conduct phishing attacks. Other attacks are also possible.
Exploit / POC
Edimax EW-7206APg And EW-7209APg Multiple Security Vulnerabilities
Attackers can exploit these issues with a browser. The cross-site scripting and URI redirection issues can be exploited by enticing an unsuspecting victim into following a malicious URI.
The following example URI and input data are available.
Attackers can exploit these issues with a browser. The cross-site scripting and URI redirection issues can be exploited by enticing an unsuspecting victim into following a malicious URI.
The following example URI and input data are available.
Solution / Fix
Edimax EW-7206APg And EW-7209APg Multiple Security Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Edimax EW-7206APg And EW-7209APg Multiple Security Vulnerabilities
References:
References: