CVE-2007-5562

Netgear SSL312 - Cross-Site Scripting via err Parameter in Login Page

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5562. PoCs published by SkyOut.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in NETGEAR ProSafe SSL VPN Concentrator 25-SSL312. It includes a URL example demonstrating how an attacker could inject malicious scripts via the 'err' parameter.

Description

Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an error page.

Exploits (1)

exploitdb WRITEUP VERIFIED

by SkyOut · textremotehardware

https://www.exploit-db.com/exploits/30673

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in NETGEAR ProSafe SSL VPN Concentrator 25-SSL312. It includes a URL example demonstrating how an attacker could inject malicious scripts via the 'err' parameter.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: NETGEAR ProSafe SSL VPN Concentrator 25-SSL312

No auth needed

Prerequisites: Access to the vulnerable web interface

MITRE ATT&CK