This repository has been archived by the owner on Feb 7, 2023. It is now read-only.
SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 Cross Site Scripting (XSS) Vulnerability

swzhouu/CVE-2020-26733

CVE-2020-26733

Description

Cross Site Scripting (XSS) in the Configuration page of SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows an authenticated attacker to inject their own script into the page via the DDNS Configuration Section.

Additional Information

Remediation: use appropriate response headers. To prevent XSS in HTTP responses that are not intended to contain any HTML or JavaScript, use the Content-Type and X-Content-Type-Options headers to ensure that browsers interpret the responses in the way intended.
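
An added example (not from the original advisory or the vendor's firmware) of the header remediation above: a data-only response carrying DDNS settings is sent with Content-Type and X-Content-Type-Options, and a check flags responses that lack them. The function names, the JSON shape and the sample value are assumptions, and the entity encoding of the stored value for the HTML configuration page goes beyond what the advisory states.

```python
import html
import json

# Headers for responses that are not intended to contain HTML or JavaScript.
SAFE_HEADERS = {
    "Content-Type": "application/json; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
}

# Constructed sample of a stored DDNS hostname containing markup.
SAMPLE = "<script>alert(1)</script>"


def ddns_json_response(config):
    """Return (headers, body) for a data-only response with DDNS settings."""
    body = json.dumps(config)
    # json.dumps leaves <, > and & as-is; emit them as JSON escapes so the
    # body stays inert even if a client ignores the declared type.
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        body = body.replace(ch, esc)
    return dict(SAFE_HEADERS), body


def render_ddns_field(name, value):
    """HTML fragment for the configuration page (assumption: an input field).
    The stored value is entity-encoded before it reaches the markup."""
    return '<input name="{}" value="{}">'.format(
        html.escape(name, quote=True), html.escape(value, quote=True))


def audit_headers(headers, expects_html):
    """Return findings for one response's headers (empty list means OK)."""
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    findings = []
    media_type = h.get("content-type", "").split(";")[0].strip()
    if not media_type:
        findings.append("missing Content-Type")
    elif not expects_html and media_type in ("text/html", "application/xhtml+xml"):
        findings.append("data response served as HTML")
    if h.get("x-content-type-options") != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    return findings
```
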

Vulnerability Type

Cross Site Scripting (XSS)

Vendor of Product

SKYWORTH

Affected Product Code Base

SKYWORTH GN542VF - Hardware Version 2.0 and Software Version 2.0.0.16

Affected Component

DDNS Configuration Section in Configuration page of SKYWORTH GN542VF Router.

Attack Type

Local

Impact Code execution

true

Impact Information Disclosure

true

CVE Impact Other

Disclosure of the user's session cookie, allowing an attacker to hijack the user's session and take over the account.

Attack Vectors

To exploit the vulnerability, the attacker must be authenticated.

Discoverer

Jiraput Thamsongkrah

Proof of Concept

[Proof-of-concept image]
