Black Lantern Security (BLSOPS)

Vulnerability Research

Tripp Lite Stored XSS

Tripp Lite: CVE-2020-26801: SU2200RTXL2UA

Cody Martin
Jun 21, 2021

A stored XSS vulnerability was discovered on the Tripp Lite SU2200RTXL2UA UPS device.

CVE-2020-26801 - Stored XSS

Through the web interface, an unauthenticated attacker may supply specially crafted input to various variable fields, resulting in stored XSS. The images below show the version of the Tripp Lite UPS found to be vulnerable, as well as proof-of-concept steps to reproduce. Note that it is possible to properly close out the original JavaScript so that no errors are present in the page and everything continues to function as intended while injecting whatever malicious code is desired.

Affected Device Details

[Image: Version Information]

Proof of Concept

[Image: Vulnerable Inputs]

[Image: Stored XSS Executing]

[Image: Source Code]
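
The summary above notes that stored input can close out the page's original JavaScript without causing errors, which means a stored field value is written into a script context. The following is an added example, not code from the original post or from Tripp Lite firmware, contrasting that pattern with context-aware output encoding. The `deviceName` field, the one-line template, and the `probe` callback are hypothetical names chosen for illustration, and the sample input is constructed.

```javascript
// Added illustration; the template and the deviceName field are assumptions,
// not the device's real page source.

// Constructed sample value: closes the string literal, runs a harmless
// counter, then reopens a literal so the page's script still parses.
const CONSTRUCTED_INPUT = 'UPS-1"; probe(); var x = "';

// Vulnerable pattern: stored value concatenated into a JS string literal.
function renderNaive(value) {
  return 'var deviceName = "' + value + '";';
}

// Encode for a JavaScript string inside an inline <script> block:
// JSON.stringify escapes quotes and backslashes; the replace also escapes
// characters the HTML parser or older JS engines treat specially.
function jsLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

// Hardened pattern: the stored value can only ever be data.
function renderSafe(value) {
  return 'var deviceName = ' + jsLiteral(value) + ';';
}

// Run a generated script and report whether the injected call executed
// and what value the page variable ended up holding.
function evaluate(script) {
  let hits = 0;
  const run = new Function('probe', script + '\nreturn deviceName;');
  const deviceName = run(() => { hits++; });
  return { hits, deviceName };
}

console.log('naive:', evaluate(renderNaive(CONSTRUCTED_INPUT)));
console.log('safe: ', evaluate(renderSafe(CONSTRUCTED_INPUT)));
```

HTML entity escaping alone does not protect this context; the encoder has to match where the value lands, and input validation on the stored fields is a second layer rather than a substitute.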

Conclusion and Recommendation

The Tripp Lite SU2200RTXL2UA is still being sold by Tripp Lite, and it is unknown at this time whether CVE-2020-26801 has been fixed in the most recent firmware versions. If you own one of these devices, you may be able to disable the web interface functionality. Disabling the web interface would effectively mitigate any potential risk posed by this vulnerability.

Timeline

2020-10-06: Contacted MITRE to Request CVE
2021-06-08: MITRE Responded with CVE IDs
2021-06-21: Public Disclosure

References

  1. Tripp Lite SU2200RTXL2UA, https://www.tripplite.com/support/su2200rtxl2ua

  2. MITRE CVE, https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-26801
