Persistent HTML Injection/XSS in Netgear VMDG480 Routers
This vulnerability requires the user to be logged in as the administrator. The vulnerability exists in the RgFirewallEL.asp page of the router, which is typically accessible from within the LAN; it may also be accessed remotely if remote administration is enabled, typically on port 8080.
POSTing correctly structured HTML/JavaScript as the value of the 'EmailAddress' parameter (after the loose client-side JavaScript 'validation') persistently injects that HTML/JavaScript into the 'Logs' (RgFirewallEL.asp) page.
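The two server-side controls that would close this are validating 'EmailAddress' on every POST and HTML-encoding the stored value when the page is rendered. The following is an added Python example, not the router's firmware code; the function names, the address pattern, the status codes and the field markup are assumptions.

```python
import html
import re

# Conservative server-side allow-list for the alert address (an assumption;
# deliberately stricter than RFC 5321, so quoted local parts are rejected).
_EMAIL_RE = re.compile(
    r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)+"
)
MAX_EMAIL_LEN = 254


def validate_email_address(value):
    """Return the address if acceptable, else raise ValueError.

    Runs on the server for every POST, whatever the browser-side script
    already checked, because the request body can be edited in transit.
    """
    if not isinstance(value, str) or len(value) > MAX_EMAIL_LEN:
        raise ValueError("EmailAddress: bad type or length")
    if not _EMAIL_RE.fullmatch(value):
        raise ValueError("EmailAddress: not a plain address")
    return value


def render_email_field(stored_value):
    """Render the stored address into the page as an attribute value.

    Output encoding is applied even though input is validated: a value saved
    before the check existed, or restored from a backup, never passed it.
    """
    safe = html.escape(stored_value, quote=True)
    return '<input type="text" name="EmailAddress" value="%s">' % safe


def handle_post(form, config):
    """Hypothetical POST handler: store the address only if it validates."""
    try:
        config["EmailAddress"] = validate_email_address(form.get("EmailAddress", ""))
        return 200
    except ValueError:
        return 400  # reject the request and leave the stored value unchanged
```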
Proof of concept:
After logging in as 'admin' (default password 'changeme'), fill in the fields.
Use the Tamper Data Firefox add-on, or a similar tool, to change the POST value of the 'EmailAddress' parameter to something like.