Medium severity 4.7 · NVD Advisory · Published Apr 4, 2024 · Updated Apr 15, 2026

CVE-2023-25200

Description

An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to render malicious HTML and obtain sensitive information in a victim's browser.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

HTML injection in the MT Safeline X-Ray X3310 webserver (NXG 19.05) lets remote attackers inject malicious HTML and steal a victim's sensitive data without authentication.

Root Cause and Nature

The MT Safeline X-Ray X3310 security scanner contains an HTML injection vulnerability in its webserver software, version NXG 19.05. The web application fails to properly sanitize user-supplied input before rendering it in a browser, allowing an attacker to inject arbitrary HTML tags [1]. This type of flaw occurs when dynamic content is embedded in a page without proper encoding or filtering.

Exploitation and Prerequisites

An attacker can exploit this vulnerability remotely without requiring prior authentication. The attack only needs to trick a victim into visiting a crafted URL or interacting with malicious content served by the device's web interface. The injection occurs in the context of the victim's session on the affected webserver, meaning the attacker's HTML is rendered as part of the legitimate page [1].

Potential Impact

Successful exploitation enables the attacker to inject malicious HTML, which can be used to deface the web interface, present fake login forms, or execute client-side attacks such as phishing for credentials. More critically, the attacker can steal sensitive information from the victim's browser, including session cookies or other data accessible from the vulnerable page. This can lead to unauthorized access to the device's management interface or to theft of protected health information (PHI) or personally identifiable information (PII) that the device may display [1].

Mitigation and Status

As of the publication date (April 2024), no patched firmware version has been announced by MT. The vendor should be contacted for a firmware update. In the absence of a patch, administrators should restrict network access to the X3310's web interface, use a reverse proxy with input sanitization, or place the device behind a VPN to reduce exposure [1].
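
One way to implement the request filtering that a reverse proxy in front of the web interface would apply, as an added example (not vendor or advisory code): it percent-decodes the path and query parameters until they stop changing and refuses requests that carry markup characters. The sample paths, the parameter names, the forbidden character set and the decode limit are assumptions; request bodies are not covered.

```python
from typing import Optional, Tuple
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Assumption: legitimate requests to the device UI never carry these characters.
FORBIDDEN = set("<>\"'")
MAX_DECODE_ROUNDS = 3  # assumption: deeper percent-encoding is treated as hostile


def fully_decode(value: str) -> Optional[str]:
    """Percent-decode until the value stops changing; None if it never settles."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            return value
        value = decoded
    return value if unquote_plus(value) == value else None


def check_field(label: str, raw: str) -> Optional[str]:
    """Return a rejection reason for one request field, or None if it is clean."""
    decoded = fully_decode(raw)
    if decoded is None:
        return f"{label}: excessive percent-encoding"
    bad = sorted(FORBIDDEN.intersection(decoded))
    if bad:
        return f"{label}: markup character {bad[0]!r}"
    return None


def inspect_request(target: str) -> Tuple[bool, str]:
    """Decide whether the proxy should forward a request target (path?query)."""
    parts = urlsplit(target)
    fields = [("path", parts.path)]
    # parse_qsl already decodes one layer; check_field removes any further layers.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        fields.append((f"param name {name!r}", name))
        fields.append((f"param {name!r}", value))
    for label, raw in fields:
        reason = check_field(label, raw)
        if reason:
            return False, reason
    return True, "ok"

# Constructed sample request targets; paths and parameter names are hypothetical.
SAMPLES = [
    "/status?lang=en&page=2",
    "/status?msg=%3Ch1%3Emaintenance%3C%2Fh1%3E",
    "/status?msg=%253Cb%253Ex",
    "/status?msg=%252525253Cb",
]
```

Rejections should be logged with the returned reason so that blocked requests against the device are visible to whoever monitors the proxy.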

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

1
