Информационная безопасность
[RU] switch to English


Уязвимости безопасности в ZyXEL SBG-3300
Опубликовано:5 октября 2014 г.
Источник:
SecurityVulns ID:13987
Тип:удаленная
Уровень опасности:
5/10
Описание:Межсайтовый скриптинг, DoS.
Затронутые продукты:ZYXEL : ZyXEL SBG-3300
CVE:CVE-2014-7278 (The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277.)
 CVE-2014-7278 (The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277.)
 CVE-2014-7277 (Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278.)
 CVE-2014-7277 (Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278.)
Оригинальный текстdocumentmirko.casadei_(at)_gmail.com, CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway (05.10.2014)
 documentmirko.casadei_(at)_gmail.com, CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway (05.10.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород