Vulnerability Title : SALIOR Ku Software XSS - SNMP traps
Vulnerability Summary : XSS occurring during the setting of the SNMP traps
Manufacturer : Cobham
Software Name : SAILOR VSAT Ku - Software 164B019
Version : 164B019
Attack Type : XSS
Impact : Script Execution
Vulnerable Filename : acu_web
Vulnerable Function : c_set_traps_decode
Vulnerable Parameter : host, community
Vulnerability Environment : Environment that can set up a SNMP traps
Method of Discovery
During SNMP traps configuration, if </script><script>alert(0)</script> is input into the host, one can observe the execution of alert(0). Similarly, the vulnerability is triggered when the community is input with the same string.
Cause of Vulnerability
Upon configuring SNMP traps, variables are stored within scripts and are then displayed as SNMP traps IP address and SNMP traps Community box.
c_set_traps_decode
During the configuration, the function depicted below stores values without verifying them with config_write