{"id":300,"date":"2007-12-27T10:13:46","date_gmt":"2007-12-27T13:13:46","guid":{"rendered":"https:\/\/www.talsoft-security.com\/site\/?p=300"},"modified":"2007-12-28T08:25:25","modified_gmt":"2007-12-28T11:25:25","slug":"cross-site-scripting-en-el-interfaz-web-de-zyxel-p-330w-wireless-router","status":"publish","type":"post","link":"https:\/\/www.talsoft-security.com\/site\/cross-site-scripting-en-el-interfaz-web-de-zyxel-p-330w-wireless-router\/","title":{"rendered":"Cross-site scripting en el interfaz web de ZyXEL P-330W Wireless Router"},"content":{"rendered":"

Se ha encontrado una vulnerabilidad en el interfaz web de los routers
\nZyXEL Wireless P-330W que podr\u00c3\u00ada ser explotada por un atacante remoto
\npara conducir ataques de cross-site scripting (XSS) y cross-site request
\nforgery (XSRF).<\/p>\n

La vulnerabilidad est\u00c3\u00a1 causada porque la interfaz no filtra de forma
\nadecuada el c\u00c3\u00b3digo HTML de entrada, introducido por el usuario, antes de
\nque \u00c3\u00a9ste sea mostrado. Esto podr\u00c3\u00ada ser explotado por un atacante remoto,
\npor medio de una URL especialmente modificada, para ejecutar c\u00c3\u00b3digo
\nJavaScript o HTML arbitrario. El c\u00c3\u00b3digo se originar\u00c3\u00ada desde la interfaz
\nweb del router y ser\u00c3\u00ada ejecutado en el contexto de seguridad del usuario
\nque visita dicha URL.<\/p>\n

El atacante podr\u00c3\u00ada tener as\u00c3\u00ad acceso las cookies de usuario, incluidas
\nlas de autenticaci\u00c3\u00b3n, o a cualquier otra informaci\u00c3\u00b3n que haya sido
\nenviada recientemente al router a trav\u00c3\u00a9s de formularios web. Adem\u00c3\u00a1s
\npodr\u00c3\u00ada realizar acciones en dicha web con los credenciales del usuario,
\npudiendo as\u00c3\u00ad cambiar la configuraci\u00c3\u00b3n del router.<\/p>\n

Recientemente se ha publicado un exploit en el que se muestra como
\ncambiar la contrase\u00c3\u00b1a de administrador del router. La vulnerabilidad
\nest\u00c3\u00a1 confirmada para la versi\u00c3\u00b3n ZyXEL P-330W Wireless Router aunque
\npodr\u00c3\u00ada afectar a otras versiones. Por el momento existe ning\u00c3\u00ban parche
\ndisponible proporcionado por el fabricante.<\/p>\n

Opina sobre esta noticia:
\nhttp:\/\/www.hispasec.com\/unaaldia\/3350\/comentar<\/a><\/p>\n

M\u00c3\u00a1s informaci\u00c3\u00b3n:<\/p>\n

[Full-disclosure] Ho Ho H0-Day – ZyXEL P-330W multiple XSS and XSRF
\nhttp:\/\/seclists.org\/fulldisclosure\/2007\/Dec\/0559.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Se ha encontrado una vulnerabilidad en el interfaz web de los routers ZyXEL Wireless P-330W que podr\u00c3\u00ada ser explotada por un atacante remoto para conducir ataques de cross-site scripting (XSS) y cross-site request forgery (XSRF). La vulnerabilidad est\u00c3\u00a1 causada porque la interfaz no filtra de forma adecuada el c\u00c3\u00b3digo HTML de entrada, introducido por el […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4],"tags":[],"class_list":["post-300","post","type-post","status-publish","format-standard","hentry","category-noticias"],"yoast_head":"\nTalSoft - Seguridad Inform\u00e1tica Empresarial - Cross-site scripting en el interfaz web de ZyXEL P-330W Wireless Router<\/title>\n<meta name=\"description\" content=\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.talsoft-security.com\/site\/cross-site-scripting-en-el-interfaz-web-de-zyxel-p-330w-wireless-router\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Leandro Ferrari\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/cross-site-scripting-en-el-interfaz-web-de-zyxel-p-330w-wireless-router\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/cross-site-scripting-en-el-interfaz-web-de-zyxel-p-330w-wireless-router\/\"},\"author\":{\"name\":\"Leandro Ferrari\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\"},\"headline\":\"Cross-site scripting en el interfaz web de ZyXEL P-330W Wireless Router\",\"datePublished\":\"2007-12-27T13:13:46+00:00\",\"dateModified\":\"2007-12-28T11:25:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/cross-site-scripting-en-el-interfaz-web-de-zyxel-p-330w-wireless-router\/\"},\"wordCount\":270,\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"articleSection\":[\"Noticias\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/cross-site-scripting-en-el-interfaz-web-de-zyxel-p-330w-wireless-router\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/cross-site-scripting-en-el-interfaz-web-de-zyxel-p-330w-wireless-router\/\",\"name\":\"TalSoft - Seguridad Inform\u00e1tica Empresarial - Cross-site scripting en el interfaz web de ZyXEL P-330W Wireless Router\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\"},\"datePublished\":\"2007-12-27T13:13:46+00:00\",\"dateModified\":\"2007-12-28T11:25:25+00:00\",\"description\":\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\",\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.talsoft-security.com\/site\/cross-site-scripting-en-el-interfaz-web-de-zyxel-p-330w-wireless-router\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"name\":\"TalSoft TS - Services IT Security\",\"description\":\"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.\",\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\",\"name\":\"Talsoft TS\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"contentUrl\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"width\":270,\"height\":125,\"caption\":\"Talsoft TS\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"http:\/\/www.facebook.com\/talsoftsrl\",\"https:\/\/x.com\/talsoft\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\",\"name\":\"Leandro Ferrari\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"caption\":\"Leandro Ferrari\"},\"sameAs\":[\"http:\/\/www.talsoft.com.ar\",\"https:\/\/www.facebook.com\/talsoftsrl\/\",\"https:\/\/x.com\/avatar_leandro\"],\"url\":\"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Cross-site scripting en el interfaz web de ZyXEL P-330W Wireless Router","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.talsoft-security.com\/site\/cross-site-scripting-en-el-interfaz-web-de-zyxel-p-330w-wireless-router\/","twitter_misc":{"Written by":"Leandro Ferrari","Estimated reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.talsoft-security.com\/site\/cross-site-scripting-en-el-interfaz-web-de-zyxel-p-330w-wireless-router\/#article","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/cross-site-scripting-en-el-interfaz-web-de-zyxel-p-330w-wireless-router\/"},"author":{"name":"Leandro Ferrari","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8"},"headline":"Cross-site scripting en el interfaz web de ZyXEL P-330W Wireless Router","datePublished":"2007-12-27T13:13:46+00:00","dateModified":"2007-12-28T11:25:25+00:00","mainEntityOfPage":{"@id":"https:\/\/www.talsoft-security.com\/site\/cross-site-scripting-en-el-interfaz-web-de-zyxel-p-330w-wireless-router\/"},"wordCount":270,"publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"articleSection":["Noticias"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.talsoft-security.com\/site\/cross-site-scripting-en-el-interfaz-web-de-zyxel-p-330w-wireless-router\/","url":"https:\/\/www.talsoft-security.com\/site\/cross-site-scripting-en-el-interfaz-web-de-zyxel-p-330w-wireless-router\/","name":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Cross-site scripting en el interfaz web de ZyXEL P-330W Wireless Router","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/#website"},"datePublished":"2007-12-27T13:13:46+00:00","dateModified":"2007-12-28T11:25:25+00:00","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.talsoft-security.com\/site\/cross-site-scripting-en-el-interfaz-web-de-zyxel-p-330w-wireless-router\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.talsoft-security.com\/site\/#website","url":"https:\/\/www.talsoft-security.com\/site\/","name":"TalSoft TS - Services IT Security","description":"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.","publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.talsoft-security.com\/site\/#organization","name":"Talsoft TS","url":"https:\/\/www.talsoft-security.com\/site\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/","url":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","contentUrl":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","width":270,"height":125,"caption":"Talsoft TS"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.facebook.com\/talsoftsrl","https:\/\/x.com\/talsoft"]},{"@type":"Person","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8","name":"Leandro Ferrari","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","caption":"Leandro Ferrari"},"sameAs":["http:\/\/www.talsoft.com.ar","https:\/\/www.facebook.com\/talsoftsrl\/","https:\/\/x.com\/avatar_leandro"],"url":"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/"}]}},"_links":{"self":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/300","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/comments?post=300"}],"version-history":[{"count":0,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/300\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/media?parent=300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/categories?post=300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/tags?post=300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}