[EndRun] - NTP servers - Unauthenticated Reflected XSS [CVE-2023-38967]

 









EndRun Technologies is dedicated to the development and refinement of the technologies required to fulfill the demanding needs of the time and frequency community.

--------------------------------------------------------------------------------------------------------------------------

EndRun NTP servers contain vulnerabilities that allow an unauthenticated attacker to inject malicious JavaScript code (reflected Cross-Site Scripting, XSS).


Requirements:
- Authenticated
- HTTPS
- Accessible from the internet

Affected Devices:

  •   Tempus LX CDMA Network Time Server
  •   Sonoma Network Time Server GPS-Synchronized
  •   RTM3205 Precision Timing Module
  •   Meridian II 2U Precision TimeBase
  •   Unison CDME Network Time Server

Affected Components:

  •   ftp_linux_wait.php - Parameter [ login_name ]
  •   reboot.php - Parameters [ user & pass ]

ftp_linux_wait.php




reboot.php



















CVE: CVE-2023-38967
By: @Linuxmonr4
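
A triage check for the two affected components listed above, as an added example that is not part of the original advisory or of EndRun's code: it scans web access log lines for markup characters in `login_name`, `user` and `pass`. It assumes combined-format access logs with the parameters carried in the query string; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoints and parameters named in the advisory.
WATCHED = {
    "ftp_linux_wait.php": {"login_name"},
    "reboot.php": {"user", "pass"},
}
# Markup characters; a real password may contain these, so hits are triage leads.
MARKUP = re.compile(r"[<>\"'`]")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding so double-encoded input is still seen."""
    for _ in range(rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def suspicious_params(log_line):
    """Return [(endpoint, param, decoded_value)] for watched parameters carrying markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    endpoint = url.path.rsplit("/", 1)[-1].lower()
    hits = []
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name not in WATCHED.get(endpoint, ()):
            continue
        for v in values:
            v = decode_fully(v)
            if MARKUP.search(v):
                hits.append((endpoint, name, v))
    return hits

# Constructed sample lines (documentation address 192.0.2.10), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2023:10:00:00 +0000] "GET /ftp_linux_wait.php?login_name=admin HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Aug/2023:10:00:05 +0000] "GET /ftp_linux_wait.php?login_name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540',
    '192.0.2.10 - - [01/Aug/2023:10:00:09 +0000] "GET /reboot.php?user=ops&pass=%2522%253E%253Csvg%253E HTTP/1.1" 200 498',
    '192.0.2.10 - - [01/Aug/2023:10:00:12 +0000] "GET /index.php?login_name=%3Cb%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_params(line))
```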
