VULHUB ™

It is reported that the Network Everywhere NR041 Router is susceptible to an HTML injection vulnerability in its DHCP log. An attacker can craft successive DHCP requests, which when viewed by the administrator, will be combined to create longer strings of HTML that are interpreted by the administrator's web browser. The injected HTML can be used to cause the administrator to make unintended changes to the configuration of the router. Other attacks may be possible.

It is reported that the Network Everywhere NR041 Router is susceptible to an HTML injection vulnerability in its DHCP log. An attacker can craft successive DHCP requests, which when viewed by the administrator, will be combined to create longer strings of HTML that are interpreted by the administrator's web browser. The injected HTML can be used to cause the administrator to make unintended changes to the configuration of the router. Other attacks may be possible.