Cross-Site Scripting Vulnerabilities in Siemens Gigaset SE361 WLAN Router
CVE-2007-4488

Currently unrated

Key Information:

Vendor: Siemens
Status: Gigaset Se361 Wlan Router
Vendor: CVE Published:; 22 August 2007

Summary

The Siemens Gigaset SE361 WLAN router is vulnerable to multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web scripts. This can be triggered by the URI segment following the filename, particularly affecting GIF filename handling, causing the GIF file to render in a text format and possibly leading to a denial of service by crashing the device. Additionally, if exploited through the login.tri filename, it may result in an endless loop of requests to the login page, further compromising user access.

References

http://securityreason.com/securityalert/3050

third-party-advisoryx_refsource_SREASON

http://osvdb.org/45841

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/archive/1/477220/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Aug 22, 2007
Vulnerability Reserved
Aug 22, 2007