Posted by DAU Huy Ngoc on Jun 02
Hello list,
Here are two CVEs I reported to Freebox, a French ISP:
– CVE-2014-9382 – CSRF in VPN user account creation
– CVE-2014-9405 – XSS
Vulnerable product: Freebox OS Web interface 3.0.2.
CVE-2014-9382 – CSRF in Freebox OS Web interface 3.0.2 allowing VPN user account creation
====================
Risk level: High
Freebox allows users to create VPN connections to their home network.
In version 3.0.2 when a new user is created, the…