ISE SOHO Vulnerability Catalog Published - Independent Security ...
attacker from gaining access if an attack is successful.
Proof of Concept Exploit
♦ The Guest Access PSK field is susceptible to JavaScript and HTML injection.
Figure 12 – N300 XSS #1
Disclosure Timeline
♦ 4/3/2013 - Notified Belkin
♦ 4/15/2013 - Public Disclosure
*In between the initial notification and the public disclosure, ISE reached out to Belkin multiple times requesting that our vulnerabilities be escalated to the proper support team.
References
♦ Advisory/Video: http://infosec42.blogspot.com
♦ http://securityevaluators.com/content/case-studies/
Credit
♦ Discovered By: Jacob Holcomb – Security Analyst @ Independent Security Evaluators
♦ Exploited By: Jacob Holcomb – Security Analyst @ Independent Security Evaluators