CVE-2018-12715 : DIGISOL DG-HR3400 Wireless Router – Cross-Site Scripting
CVE-2018-12715 discovered by ICSS team member Adipta Basu who is our ex-student and presently working as a faculty member with us. The Exploit is published on Exploit-DB on 28-06-2018. It’s an achievement for Indian Cyber Security Solutions. The Exploit details are as follows:
Exploit Title: DIGISOL DG-HR3400 Wireless Router – Cross-Site Scripting
Date: 25-06-2018
CVE: CVE-2018-12715
Author: Adipta Basu
Overview:
The Specified router founded as vulnerable to Cross-Site Scripting. This vulnerability is still a zero day, being 24th of June 2018. To exploit the vulnerability, the following steps were taken:
Reproduction Steps:
– Goto your Wifi Router Gateway [i.e: http://192.168.2.1]
– Go to –> “General Setup” –> “Wireless” –> “Basic Settings”
– Open BurpSuite
– Change the SSID to “Testing” and hit “Apply”
– Burp will capture the intercepts.
– Now change the SSID to <script>alert(“ADIPTA”)</script> and keep APSSID as it is
– Refresh the page, and you will get the “ADIPTA” pop-up
Highest Selling Technical Courses of Indian Cyber Security Solutions:
Amazon Web Services Training in Hyderabad
Amazon Web Services Training in Bangalore
Amazon Web Services Training in Bhubaneswar
Summer Training for CSE, IT, BCA & MCA Students
Network Penetration Testing training
Certified Network Penetration Tester
Diploma in Web Application Security
Certified Web Application Penetration Tester
Certified Android Penetration Tester
Cybersecurity services that can protect your company:
Web Security | Web Penetration Testing
Network Penetration Testing – NPT
Android App Penetration Testing
Other Location for Online Courses: