| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Jan 2016 16:41:26 +0530 From: CSW Research Lab <disclose@...ersecurityworks.com> To: cve-assign@...re.org, oss-security@...ts.openwall.com Cc: fulldisclosure@...lists.org, submissions@...ketstormsecurity.com, fulldisclosure-request@...lists.org, bugs@...uritytracker.com, packet@...ketstormsecurity.com Subject: [FD] Cross Site Request Forgery in Netgear Router JNR1010 Version 1.0.0.24 Hi, Can you assign CVE id to this flaw? Details ================ #Product Vendor: Netgear #Netgear GPL: http://kb.netgear.com/app/answers/detail/a_id/2649/~/netgear-open-source-code-for-programmers-(gpl) http://www.gnu.org/licenses/gpl.txt #Bug Name: Cross Site Request Forgery in Netgear Router JNR1010 Version 1.0.0.24 #Software: Netgear Router JNR1010 Firmware #Version: 1.0.0.24 #Last Updated: 10-06-2015 <http://kb.netgear.com/app/answers/detail/a_id/29270/~/jnr1010-firmware-version-1.0.0.24> #Homepage: http://netgear.com/ #Severity High #Status: Fixed <http://kb.netgear.com/app/answers/detail/a_id/30177/~/jnr1010-firmware-version-1.0.0.32> #CVE : not assigned #POC Video URL: https://www.youtube.com/watch?v=tET-t-3h7TU Description ================ Using this flaw, an attacker can cause victims to change any data the victim is allowed to change or perform any function the victim is authorized to use. Technical Details ================ Created a forged request changing the value of any variable, here it is *:InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL *variable in the URL http://router-ip/cgi-bin/webproc and sent it to victim forcing him/her to click on the malicious link generated by an attacker with different session allows an attacker to change the settings of the victim’s router. For more, also refer - https://github.com/cybersecurityworks/Disclosed/issues/13 *Note:* Similarly, we can manipulate any request and can force victim to access the link generated by the attacker to make changes to the router settings without victim’s knowledge. Advisory Timeline ================ 28/10/2015 - Discovered in Netgear Router JNR1010 Firmware Version 1.0.0.24 28/10//2015 - Reported to vendor through support option but, no response 30/10//2015 - Reported to vendor through another support option available here <http://support.netgear.com/for_home/default.aspx>. But, again no response. 03/11/2015 - Finally, Technical Team started addressing about the issue after so many follow ups through phone/mail. 13/12/2015 - Vulnerability got fixed & case was closed. 30/12/2015 - Netgear Released updated version 1.0.0.32 <http://kb.netgear.com/app/answers/detail/a_id/30177/~/jnr1010-firmware-version-1.0.0.32> Fix ================ https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) Credits & Authors ================ Sathish Kumar <sathish@...ersecurityworks.com> from cybersecurityworks Pvt Ltd <http://www.cybersecurityworks.com/> About Cybersecurityworks ================ Cybersecurity Works is basically an auditing company passionate working on findings & reporting security flaws & vulnerabilities on web application and network. As professionals, we handle each client differently based on their unique requirements. Visit our website <http://www.cybersecurityworks.com/> for more information. -- ---------- Cheers !!! Team CSW Research Lab <http://www.cybersecurityworks.com> _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists