source: https://www.securityfocus.com/bid/32975/info
COMTREND CT-536 and HG-536 are prone to multiple remote vulnerabilities:
- Multiple unauthorized-access vulnerabilities
- An information-disclosure vulnerability
- Multiple cross-site scripting vulnerabilities
- A denial-of-service vulnerability
- Multiple buffer-overflow vulnerabilities
Attackers can exploit these issues to compromise the affected device, obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and cause a denial-of-service condition. Other attacks are also possible.
The following firmware versions are vulnerable; additional versions may also be affected:
CT-536 A101-302JAZ-C01_R05
HG-536+ A101-302JAZ-C01_R05 and A101-302JAZ-C03_R14.A2pB021g.d15h
http://www.example.com/scvrtsrv.cmd?action=add&srvName=%3Cscript%3Ealert(%22XSS%22)%3C/script%3E&srvAddr=192.168.1.1&proto=1,&eStart=1,&eEnd=1,&iStart=1,&iEnd http://www,example.com/password.html