CVE-2021-3014
Published 2021-01-04
CVE-2021-3014: In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.
Priority P4 · 24 · medium · 6.1 · CVSS 3.1
AV:N · AC:L · PR:N · UI:R · S:C · C:L · I:L · A:N
EPSS 0.93% · 56.1th percentile
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mikrotik | routeros | <= 2021-01-04 | — |
CVSS provenance
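| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |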
No detection rules found.
Exploit-DB
Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control
exploitdb·2021-09-23·CVSS 7.5
CVE-2021-40875 [HIGH] Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control
---
# Exploit Title: Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control
# Date: 22/09/2022
# Exploit Author: Sick Codes & JohnJHacking (Sakura Samuraii)
# Vendor Homepage: https://www.gurock.com/testrail/
# Version: 7.2.0.3014 and below
# Tested on: macOS, Linux, Windows
# CVE : CVE-2021-40875
# Reference: https://johnjhacking.com/blog/cve-2021-40875/
CVE-2021-40875: Improper Access Control in Gurock TestRail versions ./files.md5
```bash
while read -r HASH SUFFIX; do
    echo "${SUFFIX}"
    TESTING_URL="${TARGET}/${SUFFIX}"
    echo "========= ${TESTING_URL} ========="
    # Ignore list, some of these files MAY be world readable,
    # if the organisation has modified permissions related
    # to the below files otherwise, they are ignor
```
Nuclei
Gurock TestRail Application files.md5 Exposure
nuclei·CVSS 7.5
CVE-2021-40875 [HIGH] Gurock TestRail Application files.md5 Exposure
Improper access control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths which can then be tested, and in some cases result in the disclosure of hardcoded credentials, API keys, or other sensitive data.
Template:
```yaml
id: CVE-2021-40875

info:
  name: Gurock TestRail Application files.md5 Exposure
  author: oscarintherocks
  severity: high
  description: Improper access control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail
```
No writeups or analysis indexed.
https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2021-01-04-mikrotik-xss-reflected.md
https://m4dm0e.github.io/2021/01/04/mikrotik-xss-reflected.html
Published: 2021-01-04