Tag: Cross Site Scripting

security advisory

[ICS] Carlo Gavazzi VMUC-EM Energy Meter – Multiple Vulnerabilities

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03

CVE-IDs
CVE-2017-5144
CVE-2017-5145
CVE-2017-5146

security advisory

[ICS] BINOM3 Electric Power Quality Meters – Multiple Vulnerabilities

Hacking Binom3 Electric Power Quality Meters

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A

CVE-IDs
CVE-2017-5164
CVE-2017-5162
CVE-2017-5165
CVE-2017-5166
CVE-2017-5167

security advisory

Sterlite SAM300AX ADSL router Cross Site Scripting (XSS)

My first security advisory 🙂

Well, I reported an XSS in the Sterlite router on Feb 5, 2010.

The Sterlite SAM300AX is used by broadband customers in Delhi and Mumbai, India. Given the customer base of MTNL in these 2 metro cities, this vulnerability may be extremely useful for an attacker and/or a bot herder looking for new bots.

After waiting 2+ weeks for a vendor response, I decided to publish this to Full Disclosure/publicly.

Sharing the vuln POST request and parameters here: