Headline

JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities

The device suffers from multiple vulnerabilities including: Default Credentials, CSRF, Authenticated Stored XSS and Open Redirect.

2 years ago

Zero Science Lab

Open in Source

#xss #csrf #vulnerability #web #auth

Title: JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities
Advisory ID: ZSL-2022-5708
Type: Local/Remote
Impact: Cross-Site Scripting, Spoofing, System Access
Risk: (4/5)
Release Date: 14.06.2022

Summary

This ONU is the perfect GEPON home and business gateway. It is an all-rounder in perfection. It can BRIDGE/NAT/RIP ROUTEND and COMBINED.

Description

The device suffers from multiple vulnerabilities including: Default Credentials, CSRF, Authenticated Stored XSS and Open Redirect.

Vendor

JM-DATA GmbH - https://www.jm-data.at

Affected Version

1.0.67
1.0.62
1.0.55

Tested On

Boa/0.93.15

Vendor Status

N/A

PoC

jm_data-JF511-TV_info.txt

Credits

Vulnerability discovered by Neurogenesia - <[email protected]>

References

N/A

Changelog

[14.06.2022] - Initial release

Contact

Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: [email protected]

Zero Science Lab: Latest News

Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure

30 days ago

Zero Science Lab

Deep Sea Electronics DSE855 Remote Authentication Bypass

2 months ago

Zero Science Lab

Aquatronica Control System 5.1.6 Passwords Leak Vulnerability

3 months ago

Zero Science Lab

Elber Wayber Analog/Digital Audio STL 4.00 Device Config

5 months ago

Zero Science Lab

Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass

5 months ago

Zero Science Lab