Vulnerable Systems:
* NETGEAR DGN1000B 1.1.00.24 and prior
NETGEAR DGN1000B routers contain a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'service_name', 'device', 'ssid_num', 'h_skeyword', and 'cfKeyWord_Domain' parameters upon submission to the /setup.cgi script. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
Disclosure Timeline:
Vendor Informed Date :2012-10-15
Disclosure Date :2013-02-06
Vendor Ack Date :2012-10-24
Exploit Publish Date :2013-02-06