advisories,

CVE-2006-3929: Zyxel Prestige 660H-61 Cross-Site Scripting

Jose Ramon Palanco Jose Ramon Palanco Follow Jul 31, 2006 · 1 min read
CVE-2006-3929: Zyxel Prestige 660H-61 Cross-Site Scripting
Share this

Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter.

Researcher

José Ramón Palanco: jpalanco@gmail.com

Details

Timeline

  • Discovered: 26/10/2006
  • Published: 8/01/2007

Vulnerability

Cross Site Scripting

Zyxel Prestige 660H-61 ADSL Router is vulnerable to a security vulnerability that allows Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can exploit a cross-site scripting in this script:

http://router/Forms/rpSysAdmin?a=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Products and Versions

  • Vendor: Zyxel
  • Product: Prestige 660h-61
  • Version: Firmware 3.40 Pt.0 B32

CPE v2.3

cpe:2.3:h:zyxel:prestige_660h-61:firmware_3.40_pt.0_b32:::::::*

CVSS Scores & Vulnerability Types

Name Value
CVSS Score 4.3
Confidentiality Impact None (There is no impact to the confidentiality of the system.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact None (There is no impact to the availability of the system.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Cross Site Scripting
CWE ID CWE id is not defined for this vulnerability

References

Jose Ramon Palanco
Written by Jose Ramon Palanco Follow
Jose Ramón Palanco currently holds CEO/CTO positions at EpicBounties since June 2021. In the past he founded Dinoflux at 2014, a Threat Intelligence startup acquired by Telefonica, currently he works for 11paths since 2018. He worked also for Ericsson at R&D department and Optenet (Allot). He studied Telecommunications Engineering at the University of Alcala de Henares and Master of IT Governance at the University of Deusto. He has been a speaker at OWASP, ROOTEDCON, ROOTCON, MALCON, and FAQin... He has published several CVE and different open source tools for cybersecurity like nmap-scada, ProtocolDetector, escan, pma, EKanalyzer, SCADA IDS, ...