PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting
Overview
MZK-DP300N provided by PLANEX COMMUNICATIONS INC. contains a cross-site scripting vulnerability.
Description
MZK-DP300N, wireless LAN router provided by PLANEX COMMUNICATIONS INC., contains a cross-site scripting vulnerability (CWE-79).
Impact
If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user’s web browser when accessing a crafted URL.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Credit
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.