ISE SOHO Vulnerability Catalog Published - Independent Security ...
Attack Requirements
♦ Authentication is required to set the XSS payload.
♦ The victim must later view the page with the injected XSS payload.
Details
♦ Other firmware versions were not tested and may be vulnerable.
Impact
♦ When an unsuspecting user views the page containing injected JavaScript code, the victim’s browser willingly executes the code.
Recommendations to the Vendor
♦ Sanitize all user input and output.
♦ Additional information for vendors regarding immediate and long term fixes for these issues can be found here: http://www.securityevaluators.com/content/casestudies/routers/#recommendationsVendors
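One way to apply the "sanitize input and output" recommendation to a blocked-site entry, as an added example that is not code from the advisory or from the vendor's firmware. The function names and sample inputs are hypothetical; it assumes an entry should be a plain DNS hostname and is later rendered into an HTML table cell.

```javascript
// Added example: hypothetical handling of one "Blocked Specific Sites" entry.
// Names and sample values are constructed for illustration only.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output side: encode every character that can change HTML context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input side: accept only something shaped like a DNS hostname
// (letters, digits, hyphens; labels of 1-63 chars; 253 chars total).
function normalizeBlockedSite(raw) {
  if (typeof raw !== "string") return null;
  const host = raw.trim().toLowerCase().replace(/\.$/, "");
  if (host.length === 0 || host.length > 253) return null;
  const labelOk = (label) => /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/.test(label);
  return host.split(".").every(labelOk) ? host : null;
}

// Rendering encodes the stored value even though it was validated on input,
// so entries saved before validation existed are still displayed inertly.
function renderBlockedSiteCell(stored) {
  return "<td>" + escapeHtml(stored) + "</td>";
}

// Full path for one submitted entry: reject on bad input, encode on output.
function handleSubmission(raw) {
  const host = normalizeBlockedSite(raw);
  return host === null
    ? { accepted: false, html: null }
    : { accepted: true, html: renderBlockedSiteCell(host) };
}

// Constructed sample submissions: one hostname, one markup string.
const SAMPLES = [" Example.COM. ", "<script>alert(1)</script>"];
const RESULTS = SAMPLES.map(handleSubmission);
```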
Solution
♦ There is no solution to this problem.
Proof of Concept Exploit
1. Browse to the Parental Controls section of the Linksys EA6500.
2. Enter JavaScript into the Blocked Specific Sites section.