Wednesday, August 18, 2021

Cyberoam NetGenie Cross Site Scripting

# Title: Cyberoam NetGenie (C0101B1-20141120-NG11VO) - Reflected Cross Site Scripting (XSS)
# Date: 14.08.2021
# Credit: Gionathan "John" Reale
# Firmware Version: C0101B1-20141120-NG11VO
# CVE-2021-38702
################################################################################

DESCRIPTION:

Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks.

POC:

After connecting to the network via the NetGenie router a page is displayed suggesting a redirect, within the redirect parameter it is possible to execute reflected Cross Site Scripting, the component affected is "hxxp:/URL/tweb/ft.php?u="


 

Copyright © 2020 Cyber Details - Vulnerability Database™

Thanks for everything Templateism - You should have written the code a little more complicated