|
Description
|
|
Two security issues and a vulnerability have been reported in ZyXEL GS1510, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site scripting attacks.
1) The application transmits credentials to webctrl.cgi and via cookie values in plaintext. This can be exploited to intercept the credentials by e.g sniffing network traffic or via a Man-in-the-Middle (MitM) attack.
2) Input passed via the URL to e.g. images is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The security issues and vulnerability are reported in Zyxel GS1510-16 and Zyxel GS1510-24 firmware version V1.00(BVN.1). Other versions may also be affected.
|
