← Advisories

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 JS/HTML Code Injection

Medium

Advisory ID

ZSL-2019-5503

Release Date

05 January 2019

Vendor

Leica Geosystems AG - https://www.leica-geosystems.com

Affected Version

4.30.063, 4.20.232, 4.11.606, 3.22.1818, 3.10.1633, 2.62.782, 1.00.395

CVE

CVE-2018-25131

Tested On

BarracudaServer.com (WindowsCE)

Summary

The Leica GR10 is the next generation GNSS reference station receiver that combines the latest state-of-the-art technologies with a streamlined 'plug and play' workflow. Designed for a wide variety of GNSS reference station applications, the Leica GR10 offers new levels of simplicity, reliability and performance.

Description

The application suffers from a stored XSS vulnerability. The issue is triggered via unrestricted file upload while restoring a config file allowing the attacker to upload an html or javascript file that will be stored in /settings/poc.html. This can be exploited to execute arbitrary HTML and JS code in a user's browser session in context of an affected site.

Proof of Concept

leica_xss.htmlTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]https://www.zeroscience.mk/#/advisories/ZSL-2019-5502

[2]https://www.exploit-db.com/exploits/46091

[3]https://packetstormsecurity.com/files/151041

[4]https://exchange.xforce.ibmcloud.com/vulnerabilities/155274

[5]https://www.cve.org/CVERecord?id=CVE-2018-25131

Changelog

05.01.2019Initial release

14.01.2019Added reference [2], [3] and [4]

21.03.2026Added reference [5]