IRZ RUH2 GSM Router XSS vulnerability
Affected Product
IRZ RUH2 GSM ROUTER
Affected version
RUH2
CVE ID
CVE-2021-32302
Vulnerability Type
Cross Site Scripting (XSS)
Description
There exists Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router that allows attacker to obtain sensitive information via the Upload File parameter. To trigger XSS, an adversary just needs to upload a file with a name like “<script>alert(‘XSS’)</script>.png”
2 years ago I was performing penetration tests on IRZ’s RUH2 GSM Router’s web interface. I was able to find 2 XSS vulnerabilities while looking at Send SMS and file upload sections of the inteface.
First, I tried “Send SMS” functionality and found out that you can trigger XSS if you send an SMS through the interface:
Secondly, there was a file upload functionality on the web interface.
If you uploaded a file with a name like “<script>alert(‘XSS’)</script>.png”, then when uploaded, the interface would try to display the file’s name and trigger XSS:
I emailed the vendor regarding the vulnerabilities, however, could not get a response…
References
https://irz.net/en/products/routers/ruh-series/ruh2