Sunday, February 9, 2020

[Digi TransPort] Stored XSS on WR Family series (CVE-2020-8822)


The Digi TransPort WR family is a set of cellular routers that provides secure wireless connectivity to remote sites, for primary or backup wireless broadband connectivity. These devices are designed for enterprise, retail, transportation, financial, remote office and network backup applications.


In one of my researches, I decided to test some basic vulnerabilities on some of these products in order to learn more about this type of device. A quick search in Shodan shows that at least 170 such devices are exposed on the internet.




As usual, we start by looking for default credentials to gain access to the administration panel. The manual states that the default credentials of these devices are username:password.




With a bit of luck, we can log in to some of these devices hosted on the internet.





Exploring the multiple options on the left panel, I decided to modify some of the device information in order to trigger a small Cross Site Scripting vulnerability in the Home view of the web application. To do this, we navigate to Configuration --> System --> Device Identity and modify any of the fields that are displayed in the Home view. In this case, we edit the Hostname field with a very common payload.






Now, if we navigate to the Home view, the stored XSS is triggered.





Clean and simple: this vulnerability can be triggered with a common payload, allowing an attacker to undermine the trustworthiness of the information shown in the administration panel.
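The root cause described above is that values saved under Device Identity are written into the Home view as raw HTML. The following is an added example, not code from Digi or from this write-up, that assumes a server-side Home view built from stored identity fields (the field names and the sample values are constructed). It shows the unsafe rendering beside the hardened one, an input check for the Hostname field, and a small audit that flags stored fields already carrying markup.

```python
import html
import re

# Constructed sample of stored Device Identity fields. The hostname value is a
# generic markup payload standing in for the "very common payload" in the write-up.
SAMPLE_IDENTITY = {
    "hostname": "<script>alert(1)</script>",
    "location": "Remote site 7",
    "contact": "ops@example.net",
}

# RFC 1123 style hostname: labels of 1-63 alphanumerics/hyphens, not starting or
# ending with a hyphen, joined by dots, 253 characters at most.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$){_LABEL}(?:\.{_LABEL})*$")


def is_valid_hostname(value: str) -> bool:
    """Input-side control: reject anything that is not a plain hostname."""
    return bool(HOSTNAME_RE.match(value))


def render_home_unsafe(identity: dict) -> str:
    """Naive rendering (the vulnerable pattern): stored values are interpolated
    verbatim, so markup saved in a field executes when the Home view loads."""
    return "\n".join(f"<tr><td>{k}</td><td>{v}</td></tr>" for k, v in identity.items())


def render_home_safe(identity: dict) -> str:
    """Hardened rendering: HTML-escape every stored value at output time,
    regardless of whatever validation happened when it was saved."""
    return "\n".join(
        f"<tr><td>{html.escape(k)}</td><td>{html.escape(v, quote=True)}</td></tr>"
        for k, v in identity.items()
    )


def find_markup_in_config(identity: dict) -> list:
    """Audit helper: list stored fields containing characters that have no place
    in a hostname, location or contact string, i.e. a likely stored payload."""
    return [k for k, v in identity.items() if re.search(r"[<>\"']", v)]


if __name__ == "__main__":
    print("valid hostname?", is_valid_hostname(SAMPLE_IDENTITY["hostname"]))
    print("fields with markup:", find_markup_in_config(SAMPLE_IDENTITY))
    print(render_home_unsafe(SAMPLE_IDENTITY))
    print(render_home_safe(SAMPLE_IDENTITY))
```

Output encoding in `render_home_safe` is the fix that actually closes the bug; the hostname check only narrows the input, and the audit helper is what an operator would run over an exported configuration to spot a device that was already tampered with.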

Tested devices:
- TransPort WR21 (95 exposed devices according to Shodan)
- TransPort WR44 (41 exposed devices according to Shodan)
- TransPort WR44v2 (16 exposed devices according to Shodan)


Author: H4tt0r1 (@h4tt0r1)
