VAR-200501-0217
Vulnerability from variot - Updated: 2023-12-18 10:45

Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase. NetGear FVS318 is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to bypass URI filters and carry out cross-site scripting attacks.

The following issues were identified:
- It is reported that an attacker can bypass URI filters of the device.
- The URI filter log viewer is reported prone to a cross-site scripting vulnerability.

The research report specified that FVS318 devices with firmware 2.4 are vulnerable to these issues. FVS318 and FVS318v2 are shipped with firmware 2.4, however, it is possible that FVS318v3 and other firmware versions are affected as well. This BID will be updated when more information about affected packages is available.

Multiple Vulnerabilities in Netgear FVS318 Router
------------------------------------------------------------------------
SUMMARY

The <http://www.netgear.com> Netgear FVS318 is "an easy to use, firewall/router designed for home users and small businesses". SecuriNews Research has found 2 vulnerabilities in the router, one allows bypassing the product's content filtering mechanism while the other allows injecting arbitrary HTML and/or JavaScript into the product's log files which can then be used to attack the administrator of the router.

DETAILS

Content Filtering Bypass: By using HEX encoded characters, it is possible to bypass the URL filter. For example, if the router administrator blocks the phrase ".exe"; a user can encode one or more characters in the URL phrase to bypass the filter. If we encode the 'x' in ".exe", the new phrase ".e%78e" will bypass the filter
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200501-0217",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fvs318",
"scope": "eq",
"trust": 1.9,
"vendor": "netgear",
"version": "2.4"
},
{
"model": "fvs318v2",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "2.4"
}
],
"sources": [
{
"db": "BID",
"id": "12278"
},
{
"db": "NVD",
"id": "CVE-2005-0291"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-252"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:fvs318:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0291"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Paul Kurczaba\u203b pkurczaba@att.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-252"
}
],
"trust": 0.6
},
"cve": "CVE-2005-0291",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-11500",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-0291",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200501-252",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-11500",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11500"
},
{
"db": "NVD",
"id": "CVE-2005-0291"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-252"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase. NetGear FVS318 is reported prone to multiple vulnerabilities. These issues result from insufficient sanitization of user-supplied data and may allow an attacker to bypass URI filters and carry out cross-site scripting attacks. \nThe following issues were identified:\nIt is reported that an attacker can bypass URI filters of the device. \nThe URI filter log viewer is reported prone to a cross-site scripting vulnerability. \nThe research report specified that FVS318 devices with firmware 2.4 are vulnerable to these issues. FVS318 and FVS318v2 are shipped with firmware 2.4, however, it is possible that FVS318v3 and other firmware versions are affected as well. This BID will be updated when more information about affected packages is available. Multiple Vulnerabilities in Netgear FVS318 Router ------------------------------------------------------------------------ SUMMARY The \u003chttp://www.netgear.com\u003e Netgear FVS318 is \"an easy to use, firewall/router designed for home users and small businesses\". SecuriNews Research has found 2 vulnerabilities in the router, one allows bypassing the product\u0027s content filtering mechanism while the other allows injecting arbitrary HTML and/or JavaScript into the product\u0027s log files which can then be used to attack the administrator of the router. DETAILS Content Filtering Bypass: By using HEX encoded characters, it is possible to bypass the URL filter. For example, if the router administrator blocks the phrase \".exe\"; a user can encode one or more characters in the URL phrase to bypass the filter. If we encode the \u0027x\u0027 in \".exe\", the new phrase \".e%78e\" will bypass the filter",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0291"
},
{
"db": "BID",
"id": "12278"
},
{
"db": "VULHUB",
"id": "VHN-11500"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-0291",
"trust": 2.0
},
{
"db": "BID",
"id": "12278",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "13787",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1012913",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "13012",
"trust": 1.7
},
{
"db": "XF",
"id": "18921",
"trust": 0.6
},
{
"db": "XF",
"id": "318",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20050117 MULTIPLE VULNERABILITIES IN NETGEAR FVS318 ROUTER",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20050117 MULTIPLE VULNERABILITIES IN NETGEAR FVS318 ROUTER",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200501-252",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-89399",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-11500",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11500"
},
{
"db": "BID",
"id": "12278"
},
{
"db": "NVD",
"id": "CVE-2005-0291"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-252"
}
]
},
"id": "VAR-200501-0217",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-11500"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:45:14.830000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0291"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/12278"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-january/030984.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/13012"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1012913"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/13787"
},
{
"trust": 1.1,
"url": "http://www.securinews.com/vuln.htm?vulnid=103"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18921"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=110599727631560\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/18921"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=110599727631560\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/products/prod_details.asp?prodid=129"
},
{
"trust": 0.3,
"url": "/archive/1/387467"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=110599727631560\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11500"
},
{
"db": "BID",
"id": "12278"
},
{
"db": "NVD",
"id": "CVE-2005-0291"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-252"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-11500"
},
{
"db": "BID",
"id": "12278"
},
{
"db": "NVD",
"id": "CVE-2005-0291"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-252"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-01-17T00:00:00",
"db": "VULHUB",
"id": "VHN-11500"
},
{
"date": "2005-01-17T00:00:00",
"db": "BID",
"id": "12278"
},
{
"date": "2005-01-17T05:00:00",
"db": "NVD",
"id": "CVE-2005-0291"
},
{
"date": "2005-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200501-252"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-11500"
},
{
"date": "2009-07-12T10:06:00",
"db": "BID",
"id": "12278"
},
{
"date": "2017-07-11T01:32:12.063000",
"db": "NVD",
"id": "CVE-2005-0291"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200501-252"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-252"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear FVS318 LogViewer Cross-site scripting vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-252"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-252"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.