Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page
- From: tudor.enache@xxxxxxxxxx
- Date: Thu, 23 Jan 2014 07:53:18 GMT
Advisory ID: hag201476
Product: Mediatrix Web Management Interface
Vendor: Media5 Corporation
Vulnerable Version(s): Mediatrix 4402 Device with Firmware Dgw 1.1.13.186 and
probably prior
Tested Version: Mediatrix 4402 Device with Firmware Dgw 1.1.13.186
Advisory Publication: January 23, 2014
Vendor Notification: November 13, 2013
Public Disclosure: January 23, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-1612
Risk Level: Medium
CVSSv2 Base Score: 6.4 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Solution not yet released
Discovered and Provided: Help AG Middle East
------------------------------------------------------------------------
About the vendor:
Media5 products and technologies are deployed in millions of broadband
connected devices including smartphones, set-top boxes, and a wide variety of
telecommunications equipment and applications.
Our VoIP expertise went on to deliver the Mediatrix family of VoIP ATAs and
Gateways, and now includes a suite of voice and video mobility solutions and
the M5T family of secure SIP-based solutions for the telecommunications
marketplace.
Advisory Details:
During a pentest, Help AG discovered the following:
A reflected cross-site scripting (XSS) vulnerability in the login page of the
Mediatrix Web Management Interface allows remote attackers to inject arbitrary
web scripts or HTML via the vulnerable parameter "username".
1) Cross-Site Scripting (XSS) in Mediatrix Web Management Interface:
CVE-2014-1612
As proof of concept, one needs to access the following URL on a Mediatrix Web
Interface:
http://<<MediatrixWebInterfaceIP/Host>>/login.esp?r=system_info.esp&username=%22/%3E%3Cscript%3Ealert%281%29%3C/script%3E
Hackers could craft malicious URLs and send them to system admins to try to
gain access to the administrative interface of the Mediatrix Device. As the
targeted Mediatrix device in our case is used for providing voice over IP
(VoIP) connectivity to ISDN telephones, the attacker could even set up his
rogue SIP server, replace the original one in the Mediatrix configuration and
listen to all corporate calls if an administrative account is compromised via
the XSS in the login page.
------------------------------------------------------------------------
Solution:
The vendor was notified; contact the vendor for the patch details.
------------------------------------------------------------------------
Disclaimer: The information provided in this Advisory is provided "as is" and
without any warranty of any kind. Details of this Advisory may be updated in
order to provide as accurate information as possible.
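
The flaw class described in the advisory, shown as an added example that is not part of the original advisory and is not Mediatrix or Media5 code: a "username" query parameter reflected into the login form without output encoding, next to the encoded form and an allowlist check usable for request filtering or log triage. The input-field markup, the function names and the username character policy are assumptions; the sample query string is the one from the proof-of-concept URL above.

```javascript
// Added example. The template shape and username policy below are assumptions.

// Query string taken from the advisory's proof-of-concept URL.
const POC_QUERY =
  'r=system_info.esp&username=%22/%3E%3Cscript%3Ealert%281%29%3C/script%3E';

// Encode every character that can close an attribute value or open a tag.
function escapeHtmlAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern (assumed): the decoded parameter is concatenated into markup,
// so a leading `"/>` ends the attribute and the element.
function renderLoginUnsafe(query) {
  const username = new URLSearchParams(query).get('username') || '';
  return '<input type="text" name="username" value="' + username + '"/>';
}

// Hardened pattern: identical markup, value encoded for the attribute context.
function renderLoginSafe(query) {
  const username = new URLSearchParams(query).get('username') || '';
  return '<input type="text" name="username" value="' + escapeHtmlAttr(username) + '"/>';
}

// Defence in depth: allowlist of characters a login name may contain (assumed policy).
// Requests that fail it can be rejected at a reverse proxy or flagged in access logs.
const USERNAME_RE = /^[A-Za-z0-9._-]{1,32}$/;
function isPlausibleUsername(query) {
  const username = new URLSearchParams(query).get('username');
  return username === null || USERNAME_RE.test(username);
}

// True when the rendered field contains a live <script> start tag.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe:', renderLoginUnsafe(POC_QUERY));
console.log('safe:  ', renderLoginSafe(POC_QUERY));
console.log('passes allowlist:', isPlausibleUsername(POC_QUERY));
```

Until a vendor fix is available, the allowlist check is the part that can be applied in front of the device; output encoding has to happen in the firmware's own page rendering.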