Hi all, any news regarding CVE assignment ?
Regards, Marcin On 13/11/2019 23:34, Hauke Mehrtens wrote: > Security Advisory 2019-11-05-1 - LuCI stored XSS > > > DESCRIPTION > > A vulnerability has been reported in LuCI which allows injection of > script code through maliciously crafted wireless network SSIDs. > > When joining a wireless network by clicking Network -> Wireless -> Join, > the subsequent configuration view interprets the SSID of the network > to join without proper escaping, allowing to execute arbitrary > JavaScript in the client's web browser through network names which > contains payload, for example > AP</h2><svg onclick=alert(0);> > > Additionally the network interface overview displays configured wireless > network SSID without proper escaping. > > Since the SSID string is stored in the UCI configuration, the issue > effectively becomes a stored Stored Cross Site Scripting (XSS) > vulnerability. > > > REQUIREMENTS > > In order to exploit this vulnerability, a user needs to either > explicitly pick a network with a malicious SSID from the wireless scan > result list or manually add a wireless network with an SSID containing > embedded script and browsing to the network interface overview page. > > The wireless scan result list is not affected by this issue, so no > automatic script code execution is possible through it. > > > MITIGATIONS > > To fix this issue, update the affected LuCI package using the command > below. The fix is contained in version `git-19.309.48729-bc17ef673` and > later. > > `opkg update; opkg upgrade luci-mod-admin-full` > > To workaround the problem, avoid joining networks with HTML code in the > SSID. > > > AFFECTED VERSIONS > > To our knowledge, LuCI packages with OpenWrt versions 18.06.0 to 18.06.4 > are affected. OpenWrt 19.07 is not affected by this problem. > The fixed LuCI packages are integrated in the OpenWrt 18.06.5. Older > versions of OpenWrt (e.g. OpenWrt 15.05 and LEDE 17.01) are end of life > and not supported any more. > > > CREDITS > > The issue has been reported by Marcin Zieba <marcin.zi...@ehlo.red> on > 27th October 2019 and independently by Ridwan Maulana <m...@asdqwe.net> > on 5th November 2019. > The issue has been fixed by Jo-Philipp Wich <j...@mein.io> > > > REFERENCES > > https://github.com/openwrt/luci/commit/bc17ef673f734ea8e7e696ba5735588da9111dcd
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel