CVE-2022-50801
📋 TL;DR
This vulnerability allows authenticated attackers to inject malicious scripts into JM-DATA ONU JF511-TV devices. When other users view the affected content, their browsers execute the attacker's scripts. Only users with authenticated access to version 1.0.67 of this specific device are affected.
💻 Affected Systems
- JM-DATA ONU JF511-TV
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could steal session cookies, perform actions as other users, or redirect users to malicious sites, potentially leading to full device compromise if combined with other vulnerabilities.
Likely Case
Attackers with legitimate credentials could deface interfaces, steal limited session data, or perform limited unauthorized actions within the device's web interface.
If Mitigated
With proper input validation and output encoding, malicious scripts would be neutralized before reaching user browsers, preventing execution.
🎯 Exploit Status
Exploitation requires authenticated access. Public proof-of-concept details are available in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://www.jm-data.com/
Restart Required: Yes
Instructions:
1. Check vendor website for firmware updates. 2. Download latest firmware. 3. Upload via device web interface. 4. Reboot device after update.
🔧 Temporary Workarounds
Input Validation Filter
allImplement server-side input validation to sanitize user inputs before storage.
Not applicable - requires code changes
Output Encoding
allApply proper output encoding when displaying user-controlled content in web pages.
Not applicable - requires code changes
🧯 If You Can't Patch
- Restrict access to device management interface to trusted networks only
- Implement strong authentication controls and regularly rotate credentials
🔍 How to Verify
Check if Vulnerable:
Check device firmware version in web interface. If version is 1.0.67, device is vulnerable.Check Version:
Login to device web interface and navigate to System Information or Status pageVerify Fix Applied:
After updating firmware, verify version number has changed from 1.0.67 and test XSS payloads no longer execute.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests containing script tags or JavaScript code in parameters
- Multiple failed login attempts followed by successful authentication
Network Indicators:
- HTTP requests with suspicious parameters containing script elements
- Traffic to device management interface from unexpected sources
SIEM Query:
source="device_logs" AND (http_method="POST" AND (param="<script>" OR param="javascript:"))🔗 References
- https://cxsecurity.com/issue/WLB-2022060058
- https://exchange.xforce.ibmcloud.com/vulnerabilities/229343
- https://packetstormsecurity.com/files/167487/
- https://www.jm-data.com/
- https://www.vulncheck.com/advisories/jm-data-onu-jf-tv-authenticated-stored-cross-site-scripting-xss-vulnerability
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php
