Re: Re: CVE-2015-1437 XSS In ASUS Router.
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: Re: CVE-2015-1437 XSS In ASUS Router.
- From: kingkaustubh@xxxxxx
- Date: Wed, 4 Feb 2015 17:19:10 GMT
Here is the exact conversation
ASUS CASEID=RTM20150115204498-295
Please click here if you wish to reply to this mail!
Dear Kaustubh,
Thank you for the information, we really appreciate your feedback.
To improve our customers' experience we have forwarded your information to related dept., the concerned dept.
Wish you a nice day!
Thanks and Regards,
Mathew M.
Asus Customer Service.
---------- Original Message ----------
From : kingkaustubh@xxxxxxxxxx
Sent : 15-Jan-15 6:49:07 PM
To : "techsupport@xxxxxxxx"
Subject : Re: Re:Re:<TSD> Satisfaction-IND(EN) : Security vulnerability in this router [ID=RTM20150109203637-986]
[CASEID=TM20150115204498]
Dear Mathew
Please find attached for the XSS without authentication BUG attached is the POC for the same as mentioned in Portal reply :)
On Jan 11, 2015, at 11:05 PM, mathew_m wrote:
ASUS CASEID=RTM20150109203637-986
Dear Kaustubh,
We apologize for any inconvenience that has been caused in reply to your email and we really appreciate your feedback.
To improve our customers' experience we have forwarded your information to related dept., the concerned dept. would contact you for further assistance.
Wish you a nice day!
Thanks and Regards,
Mathew M.
Asus Customer Service.
---------- Original Message ----------
From : kingkaustubh@xxxxxxxxxx
Sent : 09-Jan-15 6:19:10 PM
To : "techsupport@xxxxxxxx"
Subject : Re: Satisfaction-IND(EN) : Security vulnerability in this router [ID=RWTM20150109014017580-918]
[CASEID=TM20150109203637]
Dear Mathew M.,
This is for information security department and developer who develop the firmware for ASUS router,
Issue
The value of the flag request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 78846';alert(1337)//372137b5d was submitted in the flag parameter. This input was echoed unmodified in the application's response.
Please find attached POC for the details of concept and Please revert on priority and register a CVE ID for Same, I am planning to submit the same to https://forms.cert.org/VulReport/ for making this Public once got confirmation from your side
On Jan 09, 2015, at 01:54 AM, mathew_m wrote:
ASUS CASEID=RWTM20150109014017580-918
Dear Kaustubh,
Thank you for contacting ASUS technical support.
We request you to please help us with more details of the issue so that we could forward your details to the concerned dept.
Do let us know if you face any doubts or queries.
Thanks and Regards,
Mathew M.
Asus India support team.
---------- Original Message ----------
From : kingkaustubh@xxxxxx
Sent : 08-Jan-15 5:40:17 PM
To : "techsupport@xxxxxxxx"
Subject : Satisfaction-IND(EN) : Security vulnerability in this router
[CASEID=WTM20150109014017580]
Apply date : 2015/01/08 17:40:17(UTC Time)
[Contact Information]
Name : Kaustubh Padwad
Email Address : kingkaustubh@xxxxxx
Phone Number : 9186001461111
Country : India[भारत गणराज्य]
[Product Information]
Product Type : Wireless
Product Model : RT-N10 Plus
Product S/N : CAISNE001110
[Comment]
Subject : Security vulnerability in this router
Topic : 3. Others
Description :
Dear team,
I am Kaustubh Padwad, a security researcher from India. I found a security vulnerability in your product: the ASUS router N10Plus is vulnerable. I don't know where to drop a mail, so kindly contact via email for full disclosure. I just need a correct email address to disclose the POC of the vulnerability.
Sent from my iPhone
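
The issue described in the report above (a request parameter echoed unmodified into a single-quoted JavaScript string), shown beside a hardened form, as an added example that is not part of the original thread and not ASUS firmware code. The `var flag = '...'` template and all function names are assumptions made for illustration; the payload is the one quoted in the report.

```javascript
// Added illustration. The "var flag = '...'" template is an assumption about how
// the page embeds the parameter; it is not ASUS firmware code.
const PAYLOAD = "78846';alert(1337)//372137b5d"; // payload quoted in the report

// Vulnerable pattern: the request value is copied verbatim into a
// single-quoted JavaScript string literal.
function renderUnsafe(flag) {
  return "var flag = '" + flag + "';";
}

// Hardened pattern: every UTF-16 code unit outside [A-Za-z0-9] becomes \uXXXX,
// so the value cannot close the literal, the statement or the <script> element.
function jsStringEscape(value) {
  const s = String(value);
  let out = '';
  for (let i = 0; i < s.length; i++) {
    out += /[A-Za-z0-9]/.test(s[i])
      ? s[i]
      : '\\u' + s.charCodeAt(i).toString(16).padStart(4, '0');
  }
  return out;
}

function renderSafe(flag) {
  return "var flag = '" + jsStringEscape(flag) + "';";
}

// Evaluate a rendered snippet with a stub alert() and report the value the
// script sees in `flag` plus every alert() call it made.
function evaluate(script) {
  const alerts = [];
  const run = new Function('alert', script + '\nreturn flag;');
  const value = run((x) => alerts.push(x));
  return { value, alerts };
}

console.log(renderUnsafe(PAYLOAD), evaluate(renderUnsafe(PAYLOAD)));
console.log(renderSafe(PAYLOAD), evaluate(renderSafe(PAYLOAD)));
```

With the unsafe template the stub `alert` is called and `flag` is cut short at the injected quote; with the escaped template the script sees the full submitted value as inert data.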