Hyperoptic (Tilgin) Router HG23xx Multiple XSS And CSRF Vulnerabilities
Title: Hyperoptic (Tilgin) Router HG23xx Multiple XSS And CSRF Vulnerabilities
Advisory ID: ZSL-2016-5329
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 14.06.2016
lighttpd/1.4.26-devel-163573
[2] https://cxsecurity.com/issue/WLB-2016060094
[3] https://packetstormsecurity.com/files/137479
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/114135
[5] https://exchange.xforce.ibmcloud.com/vulnerabilities/114196
[16.06.2016] - Added reference [1], [2] and [3]
[21.06.2016] - Added reference [4] and [5]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2016-5329
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 14.06.2016
Summary
Tilgin's HG23xx family of products offers a flexible and high capacity product in a tiny form factor. When having the product in your hands, do not get fooled by its mere size. The product offers full gigabit routing and a state of the art superior WLAN solution. It runs all services offered with Tilgin HGA and is prepared for all foreseeable future services. The product is also offered in an entry level version with fast Ethernet LAN ports, still with gigabit Ethernet WAN. The routing capacity and excellent WLAN remains the same also on this model, the only limit being the fast Ethernet LAN ports.Description
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. XSS issues were also discovered. The issue is triggered when input passed via multiple POST and GET parameters are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.Vendor
Hyperoptic Ltd. | Tilgin AB - http://www.hyperoptic.com | http://www.tilgin.comAffected Version
HG2330, HG2302 and HG2301Tested On
lighttpd/1.4.26-devel-166445lighttpd/1.4.26-devel-163573
Vendor Status
N/APoC
hyperoptic_mv.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] https://www.exploit-db.com/exploits/39951/[2] https://cxsecurity.com/issue/WLB-2016060094
[3] https://packetstormsecurity.com/files/137479
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/114135
[5] https://exchange.xforce.ibmcloud.com/vulnerabilities/114196
Changelog
[14.06.2016] - Initial release[16.06.2016] - Added reference [1], [2] and [3]
[21.06.2016] - Added reference [4] and [5]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk