
Bugtraq mailing list archives

Multiple Vulnerabilities in Netgear FVS318 Router
From: Paul Kurczaba <advisories () securinews com>
Date: Mon, 17 Jan 2005 01:24:03 -0500

Multiple Vulnerabilities in Netgear FVS318 Router


The Netgear FVS318 is an easy-to-use firewall/router designed for home users and small businesses. SecuriNews Research 
has found 2 vulnerabilities in the router.

Netgear (http://www.netgear.com)

Affected Systems/Configuration:
2.4, possibly others


1) By using hex-encoded characters, it is possible to bypass the URL filter. For example, if the router administrator 
blocks the phrase ".exe", a user can encode one or more characters in the URL phrase to bypass the filter. If we encode 
the 'x' in ".exe", the new phrase ".e%78e" will bypass the filter.

2) The content filter/log viewer contains a Cross Site Scripting vulnerability. When a user tries to access a blocked 
URL phrase, it is logged in the Security Log. If a user were to inject JavaScript into a blocked URL phrase, the 
JavaScript would be executed by the admin's browser when the security log is viewed.

Proof of Concept:

1) Example above.

2) If the router administrator has blocked the URL phrase ".exe", a user can inject JavaScript as follows:


Note: The string "</textarea>" must be added before the injected JavaScript, as the security log is placed in a text 


Date Discovered:
January 14, 2005


SecuriNews Research
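
Added example, not part of the original advisory and not Netgear firmware code: a Python model of the two flaws next to the fix for each, percent-decoding a URL before matching blocked phrases and HTML-escaping log entries before they are placed in a textarea. The function names, the block list and the sample log entry are constructed for illustration.

```python
import html
from urllib.parse import unquote

BLOCKED_PHRASES = [".exe"]  # constructed sample block list


def naive_is_blocked(url):
    """Match on the raw URL, the behaviour issue 1 describes."""
    return any(p in url for p in BLOCKED_PHRASES)


def normalize(url, max_rounds=3):
    """Percent-decode until the URL stops changing, then lowercase it.

    Returns None if it is still changing after max_rounds, so the
    caller can fail closed on deeply nested encodings.
    """
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            return url.lower()
        url = decoded
    return None


def is_blocked(url):
    """Match blocked phrases against the decoded form of the URL."""
    canonical = normalize(url)
    if canonical is None:
        return True  # fail closed
    return any(p in canonical for p in BLOCKED_PHRASES)


def render_log_naive(entries):
    """Place raw entries in a textarea, the behaviour issue 2 describes."""
    return "<textarea>" + "\n".join(entries) + "</textarea>"


def render_log(entries):
    """Escape each entry so a logged URL cannot close the textarea."""
    return "<textarea>" + "\n".join(html.escape(e) for e in entries) + "</textarea>"


# Constructed log entry: a blocked URL carrying markup that closes the textarea.
SAMPLE_ENTRY = "/file.exe</textarea><b>injected markup</b>"

if __name__ == "__main__":
    for u in ("/setup.exe", "/setup.e%78e", "/setup.e%2578e", "/index.html"):
        print(u, naive_is_blocked(u), is_blocked(u))
    print(render_log([SAMPLE_ENTRY]))
```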
