CVE-2021-38702
published 2021-08-17CVE-2021-38702: Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks.
PriorityP180medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
6.93%
93.3th percentile
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cyberoamworks | netgenie_c0101b1-20141120-ng11vo_firmware | <= 2021-08-14 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Look for GET requests to /tweb/ft.php with a URL-encoded XSS payload in the 'u' parameter (e.g., </script><script>alert(...)</script>) ↗
- →Reflected XSS payload 'alert(document.domain)' will appear verbatim in the HTTP 200 text/html response body when the vulnerability is triggered ↗
- →Exploitation requires no authentication (PR:N) and targets the 'u' parameter of ft.php via reflected XSS; monitor for URL-encoded script tags in requests to this endpoint ↗
- ·Vulnerability is specific to Cyberoam NetGenie firmware version C0101B1-20141120-NG11VO on devices manufactured through 2021-08-14; other firmware versions are not confirmed affected ↗
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck6.1MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4w7p-gxj7-3x2q: Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft
ghsa_unreviewed·2022-05-24
CVE-2021-38702 [MEDIUM] CWE-79 GHSA-4w7p-gxj7-3x2q: Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks.
VulnCheck
cyberoamworks netgenie_c0101b1-20141120-ng11vo_firmware Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2021·CVSS 6.1
CVE-2021-38702 [MEDIUM] cyberoamworks netgenie_c0101b1-20141120-ng11vo_firmware Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
cyberoamworks netgenie_c0101b1-20141120-ng11vo_firmware Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks.
Affected: cyberoamworks netgenie_c0101b1-20141120-ng11vo_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-august-2024; https://www.f5.com/labs/articles/threat-intelligence/botpoke-scanner-switches-ip; https://www.f5.com/labs/articles/threat-intelligence/continued-scanning-for-cve-2023-1389
No detection rules found.
Nuclei
Cyberoam NetGenie Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2021-38702 [MEDIUM] Cyberoam NetGenie Cross-Site Scripting
Cyberoam NetGenie Cross-Site Scripting
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 are susceptible to reflected cross-site scripting via the 'u' parameter of ft.php.
Template:
id: CVE-2021-38702
info:
name: Cyberoam NetGenie Cross-Site Scripting
author: geeknik
severity: medium
description: Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 are susceptible to reflected cross-site scripting via the 'u' parameter of ft.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
remediation: |
Apply the latest security patches or firmware updates provided by the ve
http://packetstormsecurity.com/files/163859/Cyberoam-NetGenie-Cross-Site-Scripting.htmlhttp://seclists.org/fulldisclosure/2021/Aug/20http://www.cyberoamworks.com/NetGenie-Home.asphttps://seclists.org/fulldisclosure/2021/Aug/20http://packetstormsecurity.com/files/163859/Cyberoam-NetGenie-Cross-Site-Scripting.htmlhttp://seclists.org/fulldisclosure/2021/Aug/20http://www.cyberoamworks.com/NetGenie-Home.asphttps://seclists.org/fulldisclosure/2021/Aug/20
2021-08-17
Published
Exploited in the wild