[EndRun] - NTP servers - Nonauthenticated XSS Reflected

julio 16, 2023

[EndRun] - NTP servers - Nonauthenticated XSS Reflected

EndRun Technologies is dedicated to the development and refinement of the technologies required to fulfill the demanding needs of the time and frequency community.

--------------------------------------------------------------------------------------------------------------------------

EndRun NTP servers present vulnerabilities that allow an unauthenticated attacker to inject malicious javascript code (Cross-site Scripting - XSS).

Affected Devices:

Tempus LX CDMA Network Time Server
Sonoma Network Time Server GPS-Synchronized
RTM3205 Precision Timing Module
Meridian II 2U Precision TimeBase
Unison CDME NEtwork Time Server

Affected Components:

ftp_linux_wait.php - Parameter [ login_name ]
reboot.php - Parameters [user & pass ]

ftp_linux_wait.php

reboot.php

By: @Linuxmonr4

Buscar este blog

Cacharros in the wild

[EndRun] - NTP servers - Nonauthenticated XSS Reflected

ftp_linux_wait.php

reboot.php

Comentarios

Publicar un comentario

Entradas populares

[EVERTZ] - Path Transversal && Arbitrary File Upload = SHELL [CVE-2020-22159 ]

[ITERIS] - Vantage Velocity Field Unit - Os Code Injection - (CVE-2020-9020)