Tuesday, January 14, 2020

[Ruckus Wireless] Authenticated Stored XSS Vulnerability in Ruckus ZoneFlex R310 (CVE-2020-7234)

[Ruckus Wireless] Authenticated Stored XSS Vulnerability in Ruckus ZoneFlex R310

  


 ZoneFlex R310:

The platform used for the administration of Ruckus ZoneFlex R310 access points, version 104.0.0.0.1347, is critically vulnerable to Stored Cross-Site scripting issue.

Performing a simple search in shodan, it is possible to visualize around 18,000 devices exposed to the Internet, several of which use default credentials.


Proof of Concept

To reproduce a proof of concept, it is necessary to have valid credentials to access the administration panel. By default, the credentials of this platform are. Username: super, Password: sp-admin

Once inside, we go to:

Configuration > Radio 2.4G > Wireless X

We enter our payload in the SSID field.


Then, we go to:

Status > Radio 2.4G > Wireless X

And finally, We can see the XSS triggered there.


By @S4mnez

CesarSilence

Autor

0 comentarios:

Post a Comment

 
biz.