CVE-2006-3974

3Com OfficeConnect Secure Router 1.04-168 - Cross-Site Scripting via tk Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3974. PoCs published by Secunia Research.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in OfficeConnect Secure Router firmware 1.04-168. The exploit involves crafting a malicious URL with an XSS payload in the 'tk' parameter, which could execute arbitrary JavaScript in the context of the affected website.

Description

Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Secunia Research · textremotehardware

https://www.exploit-db.com/exploits/30164

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in OfficeConnect Secure Router firmware 1.04-168. The exploit involves crafting a malicious URL with an XSS payload in the 'tk' parameter, which could execute arbitrary JavaScript in the context of the affected website.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: OfficeConnect Secure Router firmware 1.04-168

No auth needed

Prerequisites: Access to the vulnerable router's web interface

MITRE ATT&CK