CVE-2021-38702
published 2021-08-17

CVE-2021-38702: Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks.

Priority: P1 (80)
CVSS 3.1: 6.1 (medium)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
VulnCheck KEV: ITW exploit, exploited in the wild
EPSS: 6.93% (93.3rd percentile)

Affected (1 range)

Vendor:        cyberoamworks
Product:       netgenie_c0101b1-20141120-ng11vo_firmware
Version range: <= 2021-08-14
Fixed in:      (none listed)

Detection & IOCs (extracted from sources)

URL:  /tweb/ft.php?u=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
Path: /tweb/ft.php
  • Look for GET requests to /tweb/ft.php with a URL-encoded XSS payload in the 'u' parameter (e.g., </script><script>alert(...)</script>); note that the leading </script> suggests the value is reflected inside an existing script block, so the probe closes that block before injecting its own.
  • The reflected payload 'alert(document.domain)' appears verbatim in the HTTP 200 text/html response body when the vulnerability is triggered; a request-only check (no reflection in the response) confirms a probe, not a successful exploit.
  • Exploitation requires no authentication (PR:N) but does require user interaction (UI:R): the victim must open a crafted link to /tweb/ft.php, so the attack is reflected XSS against an admin or user of the device, not a server-side compromise. Monitor for URL-encoded script tags in the 'u' parameter of requests to this endpoint.
  • The vulnerability is reported for Cyberoam NetGenie firmware C0101B1-20141120-NG11VO as of 2021-08-14; other firmware versions are not confirmed affected.
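The detection notes above describe a request-side check: match the endpoint, decode the 'u' parameter, and flag script tags. The following is an added worked example of that logic over constructed access-log lines; it is not code from the advisory page or from any vendor. The endpoint and parameter name come from the advisory, while the log format (Apache/nginx combined), the sample lines, the XSS patterns beyond the advisory's </script><script> marker, and the repeated percent-decoding (to catch double-encoded variants, which the advisory does not mention) are assumptions made for this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter named in the CVE-2021-38702 advisory.
VULN_PATH = "/tweb/ft.php"
VULN_PARAM = "u"

# Heuristics for a reflected-XSS probe in the decoded parameter value.
# The first pattern matches the advisory's IOC; the others are this example's
# own additions for common variants and are not taken from the advisory.
XSS_PATTERNS = [
    re.compile(r"<\s*/?\s*script\b", re.IGNORECASE),   # </script><script>...
    re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),      # onerror=, onload=, ...
    re.compile(r"javascript\s*:", re.IGNORECASE),      # javascript: URLs
]

# Constructed sample log lines (combined log format); not captured traffic.
# Line 1: the advisory's payload.  Line 2: benign use of the same endpoint.
# Line 3: XSS probe against a different path.  Line 4: double-encoded variant.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Aug/2021:10:01:02 +0000] "GET /tweb/ft.php?u=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Aug/2021:10:01:05 +0000] "GET /tweb/ft.php?u=http%3A%2F%2Fexample.com%2F HTTP/1.1" 200 480 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Aug/2021:10:01:09 +0000] "GET /index.php?u=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 300 "-" "curl/7.68.0"
203.0.113.7 - - [14/Aug/2021:10:01:12 +0000] "GET /tweb/ft.php?u=%253C%252Fscript%253E%253Cscript%253Ealert%281%29%253C%252Fscript%253E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target HTTP/x", status, ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so a
    double-encoded %253Cscript%253E is seen as <script>. Assumption: up to 3 rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_xss_payload(value: str) -> bool:
    """True if the decoded parameter value contains an XSS marker."""
    return any(p.search(value) for p in XSS_PATTERNS)


def detect(log_text: str) -> list:
    """Return one finding per request that targets /tweb/ft.php with an
    XSS-looking 'u' parameter. Requests to other paths are ignored."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path.lower() != VULN_PATH:
            continue
        # parse_qs performs the first percent-decoding round on each value.
        for raw in parse_qs(parts.query, keep_blank_values=True).get(VULN_PARAM, []):
            decoded = fully_decode(raw)
            if is_xss_payload(decoded):
                findings.append({
                    "src": m.group("src"),
                    "ts": m.group("ts"),
                    "status": int(m.group("status")),
                    "param_value": decoded,
                })
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"{f['ts']} {f['src']} status={f['status']} u={f['param_value']!r}")
```

Run against the sample, the first and fourth lines are flagged; the benign URL in line 2 and the probe against /index.php in line 3 are not. A request match only shows that someone sent the payload; to confirm the device is vulnerable, pair it with the response check from the notes above (the payload reflected verbatim in a 200 text/html body).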

CVSS provenance

NVD v3.1:   6.1 MEDIUM   CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
NVD v2.0:   4.3 MEDIUM   AV:N/AC:M/Au:N/C:N/I:P/A:N
VulnCheck:  6.1 MEDIUM