Linksys EA7500 2.0.8.194281 Cross Site Scripting ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on March 26th, 2021 📆 | 2112 Views ⚑

0

Linksys EA7500 2.0.8.194281 Cross Site Scripting ≈ Packet Storm

# Exploit Title: Linksys EA7500 2.0.8.194281 – Cross-Site Scripting
# Date: 3/24/21
# Exploit Author: MiningOmerta
# Vendor Homepage: https://www.linksys.com/
# Version: EA7500 Firmware Version: 2.0.8.194281
# CVE: CVE-2012-6708
# Tested On: Linksys EA7500 (jQuery version 1.7.1)

# Cross-Site Scripting Vulnerability on modern versions of Linksys Smart-Wifi home routers.
# Caused by outdated jQuery(strInput) version : < = 1.7.1 (Fixed in version 1.9.0)
# Credit also to Reddit user michael1026

###
POC
###

1. When logging into the router (http://LHOST or http://LHOST:10080), choose “Click Here”
next to “Dont Have an Account? ” or Choose “click here” after “To login with your Linksys Smart Wi-Fi account”,
you will be redirected with a login prompt with both Email Address and Password forms.

2. Make your email address “” without the double quotes.

3. Payload will be triggered when mouse is clicked anywhere within the Email Address form box or when form is submitted.

Source link

Tagged with:



Leave a Reply