“Ubiquiti Networks develops high-performance networking technology for service providers and enterprises. Our technology platforms focus on delivering highly advanced and easily deployable solutions that appeal to a global customer base in underserved and underpenetrated markets.”
SEC Consult recommends not to use this device in production until a thorough security review has been performed by security professionals and all
identified issues have been resolved.
Vulnerability Overview/ Description
1) Reflected Cross Site Scripting (XSS) in Internet Explorer This vulnerability can be exploited by deactivating or bypassing the integrated XSS-filter of the Internet Explorer.
Proof Of Concept
1) Reflected Cross Site Scripting (XSS) in Internet Explorer
The following URL can be used as PoC:
The characters “=” and “/” are not allowed in this injection.
This restriction can be bypassed in Internet Explorer via the use of a SVG and BR tag.
Since “/” is not allowed the <script> tag can’t be closed and therefore browsers will not execute the supplied code. Moreover, event handlers (e.g. <svg onload=alert(1)>) can’t be used because of the “=” restriction. However, Internet Explorer can be tricked to parse the script via the use of the SVG and BR tags.
It can be assumed that similar tricks exit for other browsers.
Vulnerable / Tested Versions
EdgeRouter X SFP – Firmware v1.9.1