Subscribe via feed.

Peplink NGxxx/LCxxx VPN-Firewall Open Redirect

Posted by deepcore on November 30, 2016 – 5:30 am

Input passed via the ‘_redirect’ GET parameter via ‘service.cgi’ script on various Peplink VPN-Firewall devices is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.


« »