PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting

Overview

MZK-DP300N provided by PLANEX COMMUNICATIONS INC. contains a cross-site scripting vulnerability.

Description

MZK-DP300N, wireless LAN router provided by PLANEX COMMUNICATIONS INC., contains a cross-site scripting vulnerability (CWE-79).

Impact

If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user’s web browser when accessing a crafted URL.

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Credit

Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

نوشته های مشابه