[DCA-00017] LinkSys BEFSR41 Multiple Stored Xss

[Ewerson Guimarães (Crash) - Dclabs <crash () dclabs com br>]

[DCA-00017] LinkSys BEFSR41 Multiple Stored Xss

[Software/Hardware]
- LinkSys DSL Router BEFSR41 V2

[Vendor Product Description]
- This Router will allow your computers to share a high-speed Internet
connection as well as resources, including files and printers.


[Bug Description]
- Linksys does not validate the input size leading to stored Xss bug.
- Host name,User Name(PPPoE and PPTP),Customized Applications and
other fields are vulnerable.

[History]
- Advisory sent to vendor on 01/03/2011.
- Vendor reply 01/03/2011
- Published 01/04/2011

[Impact]
- Low

[Affected Version]
- LinkSys DSL Router BEFSR41 V2
- Firmware:
1.30
1.33.1
1.34
1.35
1.36
1.36T4(beta)
1.37
1.37.1(j)
1.38.5
1.39
1.40.1
1.40.2
1.42.3
1.42.6
1.42.7
1.43
1.43.3
1.44
1.44.2
1.46.2

[Vendor Reply]
- According to the vendor, this hardware is deprecated

[Codes]
Example in Customized Applications fields:
'><h1>B</h1>

----------------------------------------------------------------------------------------

[Credits]
DcLabs Security Group
Sponsor: Crash
crash () dclabs com br



--
Ewerson Guimaraes (Crash)
Pentester/Researcher
DcLabs Security Team
www.dclabs.com.br