JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities
Title: JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities
Advisory ID: ZSL-2022-5708
Type: Local/Remote
Impact: Cross-Site Scripting, Spoofing, System Access
Risk: (4/5)
Release Date: 14.06.2022
1.0.62
1.0.55
[2] https://cxsecurity.com/issue/WLB-2022060058
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/229355
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/229356
[5] https://exchange.xforce.ibmcloud.com/vulnerabilities/229344
[6] https://exchange.xforce.ibmcloud.com/vulnerabilities/229343
[21.06.2022] - Added reference [1]
[23.06.2022] - Added reference [2], [3], [4], [5] and [6]
Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2022-5708
Type: Local/Remote
Impact: Cross-Site Scripting, Spoofing, System Access
Risk: (4/5)
Release Date: 14.06.2022
Summary
This ONU is the perfect GEPON home and business gateway. It is an all-rounder in perfection. It can BRIDGE/NAT/RIP ROUTEND and COMBINED.Description
The device suffers from multiple vulnerabilities including: Default Credentials, CSRF, Authenticated Stored XSS and Open Redirect.Vendor
JM-DATA GmbH - https://www.jm-data.atAffected Version
1.0.671.0.62
1.0.55
Tested On
Boa/0.93.15Vendor Status
N/APoC
jm_data-JF511-TV_info.txtCredits
Vulnerability discovered by Neurogenesia - <neurogenesia@segfault.mk>References
[1] https://packetstormsecurity.com/files/167487/[2] https://cxsecurity.com/issue/WLB-2022060058
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/229355
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/229356
[5] https://exchange.xforce.ibmcloud.com/vulnerabilities/229344
[6] https://exchange.xforce.ibmcloud.com/vulnerabilities/229343
Changelog
[14.06.2022] - Initial release[21.06.2022] - Added reference [1]
[23.06.2022] - Added reference [2], [3], [4], [5] and [6]
Contact
Zero Science LabWeb: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk
