A recent security issue, tracked as CVE-2023-27572, affects CommScope Arris DG345 Cable Gateway devices. A reflected cross-site scripting (XSS) vulnerability was discovered in the https_redirect.php web page via the page parameter. This vulnerability potentially exposes users to a variety of security risks, such as unauthorized access to sensitive information or the injection of malicious code. In this post, we will dive deeper into the vulnerability details, analyze sample code snippets, and discuss potential exploits.
The following is a sample of the vulnerable code within the https_redirect.php file:
<?php echo "<meta http-equiv=\"refresh\" content=\";url=https://".$_SERVER['HTTP_HOST'].$_GET['page']."\">"; ?>
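In the code above, the 'page' parameter from the URL is concatenated directly into the content attribute of the meta tag without proper sanitization or output encoding, so whatever the request supplies is reflected into the HTML response, resulting in the reflected XSS vulnerability.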
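For contrast, here is a hardened variant of that snippet, added here as an example; it is not CommScope's code or the vendor's fix. The helper names, the allowed-character patterns and the fallback host `gateway.invalid` are assumptions made for illustration.

```php
<?php
// Added example: hardened form of the redirect shown above (not vendor code).
// Helper names, allow-list patterns and the fallback host are assumptions.

// Return the requested path only if it is a plain local path; otherwise "/".
function safe_redirect_path($page): string
{
    // $_GET values can be arrays (page[]=x), so require a string first.
    if (!is_string($page)) {
        return '/';
    }
    // Allow-list: leading "/" followed by unreserved path characters only.
    // Quotes, angle brackets, whitespace and control characters never match.
    if (!preg_match('#^/[A-Za-z0-9._~/-]*\z#', $page)) {
        return '/';
    }
    return $page;
}

// Build the meta refresh tag with validated parts and attribute encoding.
function build_redirect_meta($host, $page, string $fallbackHost = 'gateway.invalid'): string
{
    // The Host header is client-controlled too: accept name/IPv4 plus optional port.
    if (!is_string($host) || !preg_match('/^[A-Za-z0-9.-]+(:\d{1,5})?\z/', $host)) {
        $host = $fallbackHost; // placeholder value, set to the device's own address
    }
    $content = ';url=https://' . $host . safe_redirect_path($page);
    // Encode for the HTML attribute context as a second layer of defence.
    $attr = htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<meta http-equiv="refresh" content="' . $attr . '">';
}

// In the page itself this would be called as:
//   echo build_redirect_meta($_SERVER['HTTP_HOST'] ?? '', $_GET['page'] ?? null);

// Constructed sample inputs: a normal path, markup in the parameter, an array value.
$samples = ['/index.php', '/x"><b>constructed</b>', ['unexpected' => 'array']];
foreach ($samples as $page) {
    echo build_redirect_meta('192.168.0.1', $page), PHP_EOL;
}
```

The second and third samples fall back to "/" because they fail the allow-list, and the output encoding keeps any character that does get through from closing the attribute.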
Further details on this vulnerability are available through the following links:
1. CVE - Common Vulnerabilities and Exposures (CVE)
2. National Vulnerability Database (NVD)
Published on: 04/15/2023 00:15:00 UTC
Last modified on: 04/21/2023 03:46:00 UTC