NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Stored XSS Vulnerability

Authored by Dolev Farhi @f1nhack

# Vendor homepage: http://netgear.com

# Affected Firmware version: 1.0.0.29_1.7.29_HotS

# Affected Hardware: NETGEAR DGN2200 Wireless ADSL Router




Summary
=======
NETGEAR DGN2200 ADSL router web interface suffers from persistent XSS vulnerability in the QoS(Quality of Service) Administration page under 'Expert Mode'.



Vulnerability Description
=========================
Persistent Cross Site Scripting



Steps to reproduce / PoC:
=========================
1. Login to the router web interface

2. Enter expert mode

3. navigate to QoS page

4. Add QoS Rule, or Edit an existing one.

5. in "QoS Policy for: " Enter the following: <script>alert("XSS")</script> and click apply.

6. go to another page and navigate back into QoS - the XSS error pops up.
    - PoC Video: https://www.youtube.com/watch?v=xxjluF2RR70




//The information contained within this publication is


//supplied "as-is"with no warranties or guarantees of fitness


//of use or otherwise.Bot24, Inc nor Bradley Sean Susser accepts


//responsibility for any damage caused by the use or misuse of


//this information