CVE-2018-15533
Published 2018-08-21
Priority: P338 · medium · 6.1 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 2.61% (83.5th percentile)
A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| geutebrueck | re_porter_16_firmware | < 7.8.974.20 | 7.8.974.20 |
CVSS provenance
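| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |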
Suricata
ET WEB_SPECIFIC_APPS Geutebrueck re_porter 16 - Cross-Site Scripting 2
suricata·2018-08-22
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Geutebrueck re_porter 16 - Cross-Site Scripting 2"; flow:established,to_server; http.uri; content:"/images/IOMemoryPool.png?"; pcre:"/^[^&]+(?:s(?:cript|tyle\x3D)|on(?:mouse[a-z]|key[a-z]|load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|change))/Ri"; reference:cve,2018-15533; reference:url,exploit-db.com/exploits/45242/; classtype:attempted-user; sid:2026010; rev:3; metadata:attack_target IoT, created_at 2018_08_22, cve CVE_2018_15533, deployment Datacenter, signature_severity Major, updated_at 2020_08_25;)
Suricata
ET WEB_SPECIFIC_APPS Geutebrueck re_porter 16 - Cross-Site Scripting 1
suricata·2018-08-22
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Geutebrueck re_porter 16 - Cross-Site Scripting 1"; flow:established,to_server; http.uri; content:"/modifychannel/exec?"; pcre:"/^[^&]+(?:s(?:cript|tyle\x3D)|on(?:mouse[a-z]|key[a-z]|load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|change))/Ri"; reference:cve,2018-15533; reference:url,exploit-db.com/exploits/45242/; classtype:attempted-user; sid:2026009; rev:3; metadata:attack_target IoT, created_at 2018_08_22, cve CVE_2018_15533, deployment Datacenter, signature_severity Major, updated_at 2020_08_25;)
Suricata
ET WEB_SPECIFIC_APPS Geutebrueck re_porter 16 - Cross-Site Scripting 3
suricata·2018-08-22
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Geutebrueck re_porter 16 - Cross-Site Scripting 3"; flow:established,to_server; http.uri; content:"/images/Statistics.png?"; pcre:"/^[^&]+(?:s(?:cript|tyle\x3D)|on(?:mouse[a-z]|key[a-z]|load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|change))/Ri"; reference:cve,2018-15533; reference:url,exploit-db.com/exploits/45242/; classtype:attempted-user; sid:2026011; rev:3; metadata:attack_target IoT, created_at 2018_08_22, cve CVE_2018_15533, deployment Datacenter, signature_severity Major, updated_at 2020_08_25;)
Suricata
ET WEB_SPECIFIC_APPS Geutebrueck re_porter 16 - Cross-Site Scripting 4
suricata·2018-08-22
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Geutebrueck re_porter 16 - Cross-Site Scripting 4"; flow:established,to_server; http.uri; content:"/images/GLIBBackground.jpg?"; pcre:"/^[^&]+(?:s(?:cript|tyle\x3D)|on(?:mouse[a-z]|key[a-z]|load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|change))/Ri"; reference:cve,2018-15533; reference:url,exploit-db.com/exploits/45242/; classtype:attempted-user; sid:2026012; rev:3; metadata:attack_target IoT, created_at 2018_08_22, cve CVE_2018_15533, deployment Datacenter, signature_severity Major, updated_at 2020_08_25;)
Suricata
ET WEB_SPECIFIC_APPS Geutebrueck re_porter 16 - Cross-Site Scripting 6
suricata·2018-08-22
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Geutebrueck re_porter 16 - Cross-Site Scripting 6"; flow:established,to_server; http.uri; content:"/images/ProcessMemory.png?"; pcre:"/^[^&]+(?:s(?:cript|tyle\x3D)|on(?:mouse[a-z]|key[a-z]|load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|change))/Ri"; reference:cve,2018-15533; reference:url,exploit-db.com/exploits/45242/; classtype:attempted-user; sid:2026014; rev:3; metadata:attack_target IoT, created_at 2018_08_22, cve CVE_2018_15533, deployment Datacenter, signature_severity Major, updated_at 2020_08_25;)
Suricata
ET WEB_SPECIFIC_APPS Geutebrueck re_porter 16 - Cross-Site Scripting 5
suricata·2018-08-22
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Geutebrueck re_porter 16 - Cross-Site Scripting 5"; flow:established,to_server; http.uri; content:"/images/MainMemoryPool.png?"; pcre:"/^[^&]+(?:s(?:cript|tyle\x3D)|on(?:mouse[a-z]|key[a-z]|load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|change))/Ri"; reference:cve,2018-15533; reference:url,exploit-db.com/exploits/45242/; classtype:attempted-user; sid:2026013; rev:3; metadata:attack_target IoT, created_at 2018_08_22, cve CVE_2018_15533, deployment Datacenter, signature_severity Major, updated_at 2020_08_25;)
No writeups or analysis indexed.