{"vuid":"VU#941108","idnumber":"941108","name":"NetCommWireless NB604N ADSL2+ Wireless N300 Modem Router contains a stored cross-site scripting vulnerability","keywords":["cve-79","xss","modem","router","netcommwireless"],"overview":"NetCommWireless NB604N ADSL2+ Wireless N300 Modem Router contains a stored cross-site scripting (XSS) vulnerability.","clean_desc":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') NetCommWireless NB604N ADSL2+ Wireless N300 Modem Routers running software version GAN5.CZ56T-B-NC.AU-R4B010.EN contain a stored cross-site scripting (XSS) vulnerability. A remote attacker can perform a stored cross-site scripting (XSS) attack against an authenticated user through the web interface by manipulating single quotes in the WPA key variable (wlWpaPsk). The Wireless -> Security page (wlsecurity.html) contains an unsanitized parameter wlWpaPsk which, when submitted, is stored as the Javascript variable wpaPskKey.","impact":"A remote attacker can perform a stored cross-site scripting (XSS) attack against an authenticated user through the web interface allowing them to run scripts with the permission of the authenticated user.","resolution":"Apply an Update\nNetCommWireless has provided an updated firmware version, GAN5.CZ56T-B-NC.AU-R4B030.EN, for download on their support site.","workarounds":"","sysaffected":"","thanks":"Thanks to Katie Duczmal for reporting this vulnerability.","author":"This document was written by Chris King.","public":["http://cwe.mitre.org/data/definitions/79.html","http://support.netcommwireless.com/product/adsl/nb604n"],"cveids":["CVE-2014-4871"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-08-15T12:08:50Z","publicdate":"2014-10-06T00:00:00Z","datefirstpublished":"2014-10-06T17:18:48Z","dateupdated":"2014-10-06T17:18:57Z","revision":8,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"N","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"3.5","cvss_basevector":"AV:N/AC:M/Au:S/C:P/I:N/A:N","cvss_temporalscore":"3.1","cvss_environmentalscore":"2.34206721","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}