Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 contain multiple vulnerabilities
Vulnerability Note VU#525276
Original Release Date: 2015-08-31 | Last Revised: 2016-04-17
The Phillipine Long Distance Telephone (PLDT) company provides internet access in the Phillippines. The SpeedSurf 504AN and Kasda KW58293 modems distributed by PLDT contain multiple vulnerabilities. The BaudTec ADSL2+ Router may also be affected.
PLDT provides SpeedSurf 504AN, firmware version GAN9.8U26-4-TX-R6B018-PH.EN, and the Kasda KW58293, to customers for internet access. These devices contains multiple vulnerabilities.
The form2WlanSetup.cgi page does not properly authenticate that administrative actions are being performed on purpose. An attacker may lure a user behind the router to click a malicious link when performs administrative actions such as changing the device's network settings.
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - CVE-2015-5992
The form2WlanSetup.cgi page contains an "ssid" parameter which is vulnerable to cross-site scripting.
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-5993
The form2ping.cgi page may be used to send PING requests. An attacker may use this page to inject a large string (more than 1874 characters) in the parameter "ipaddr" with a POST request which may cause a denial of service on the router. The router requires manual rebooting to recover.