[EndRun] - NTP servers - Nonauthenticated XSS Reflected [ CVE-2023-38967 ]
EndRun Technologies is dedicated to the development and refinement of the technologies required to fulfill the demanding needs of the time and frequency community.

--------------------------------------------------------------------------

EndRun NTP servers present vulnerabilities that allow an unauthenticated attacker to inject malicious JavaScript code (Cross-site Scripting - XSS).

Requirements:
- Authenticated
- HTTPS
- Accessible from the internet

Affected Devices:
- Tempus LX CDMA Network Time Server
- Sonoma Network Time Server GPS-Synchronized
- RTM3205 Precision Timing Module
- Meridian II 2U Precision TimeBase
- Unison CDME Network Time Server

Affected Components:
- ftp_linux_wait.php - Parameter [ login_name ]
- reboot.php - Parameters [ user & pass ]

CVE: CVE-2023-38967
By: @Linuxmonr4
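
Detection example (added here, not part of the original advisory or any EndRun code): a log review script that flags requests to the two affected pages whose listed parameters carry markup characters. It assumes the web server in front of the device writes Combined Log Format and that the parameters arrive in the query string; the names WATCHED, suspicious_params and scan, and the sample log lines, are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Pages and parameters named in the advisory.
WATCHED = {
    "ftp_linux_wait.php": {"login_name"},
    "reboot.php": {"user", "pass"},
}
# Characters that let a reflected value break out into HTML.
# A real password may contain them, so hits on "pass" need manual review.
MARKUP = re.compile(r"[<>\"']")
# Assumption: Combined Log Format request field, "METHOD target PROTO".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return sorted (param, decoded value) pairs carrying markup on a watched page."""
    parts = urlsplit(target)
    page = parts.path.rsplit("/", 1)[-1]  # match on file name, any directory
    watched = WATCHED.get(page, set())
    hits = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            decoded = unquote(value)  # second decode catches double-encoded input
            if name in watched and MARKUP.search(decoded):
                hits.append((name, decoded))
    return sorted(hits)


def scan(lines):
    """Yield (line number, request target, hits) for each log line worth a look."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            yield number, match.group(1), hits


# Constructed sample log lines (documentation IP range, made-up values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2023:10:00:00 +0000] "GET /ftp_linux_wait.php?login_name=operator HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Aug/2023:10:00:05 +0000] "GET /ftp_linux_wait.php?login_name=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 540',
    '192.0.2.44 - - [01/Aug/2023:10:00:09 +0000] "GET /reboot.php?user=%253Cb%253E&pass=x HTTP/1.1" 200 300',
    '192.0.2.10 - - [01/Aug/2023:10:00:12 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, target, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {target} -> {hits}")
```

Values sent in a POST body do not appear in an access log, so the same check would have to run at a reverse proxy or WAF that can see request bodies.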