PT-2026-8363 · Unknown · Smoothwall Express

Ozer Goker · Published 2026-02-16 · Updated 2026-02-16 · CVE-2019-25380

CVSS v3.1
6.1
Vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Smoothwall Express version 3.1-SP4-polar-x86_64-update9

Description: The software contains multiple reflected cross-site scripting issues within the dhcp.cgi script. Attackers can inject malicious scripts by submitting POST requests to the "/dhcp.cgi" endpoint. Exploitation occurs through various parameters, including BOOT SERVER, BOOT FILE, BOOT ROOT, START ADDR, END ADDR, DNS1, DNS2, NTP1, NTP2, WINS1, WINS2, DEFAULT LEASE TIME, MAX LEASE TIME, DOMAIN NAME, NIS DOMAIN, NIS1, NIS2, STATIC HOST, STATIC DESC, STATIC MAC, and STATIC IP. Successful exploitation allows execution of arbitrary JavaScript in user browsers.

Recommendations: Smoothwall Express version 3.1-SP4-polar-x86_64-update9: Sanitize or validate all input received through the parameters BOOT SERVER, BOOT FILE, BOOT ROOT, START ADDR, END ADDR, DNS1, DNS2, NTP1, NTP2, WINS1, WINS2, DEFAULT LEASE TIME, MAX LEASE TIME, DOMAIN NAME, NIS DOMAIN, NIS1, NIS2, STATIC HOST, STATIC DESC, STATIC MAC, and STATIC IP before processing them in the dhcp.cgi script.
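One way to act on that recommendation, shown here as an added Python example rather than the Perl CGI code of Smoothwall Express itself (this is not the project's code; the field names and the value format expected for each are assumptions derived from the advisory's parameter list). Every parameter with a known shape gets an exact-match allowlist (IPv4 address, integer lease time, hostname, MAC address, path), the free-text description is the only field that depends solely on output encoding, and everything reflected back into the page, including rejected input quoted in an error message, is HTML-encoded first.

```python
import html
import ipaddress
import re

# Field names follow the advisory's list (assumption: dhcp.cgi may spell them differently)
_HOST = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
                   r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*")
_MAC = re.compile(r"([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
_PATH = re.compile(r"[A-Za-z0-9._/-]{1,255}")

def _ipv4(value):
    return str(ipaddress.IPv4Address(value))  # AddressValueError is a ValueError

def _lease(value):
    seconds = int(value)                       # ValueError on anything non-numeric
    if not 60 <= seconds <= 31_536_000:
        raise ValueError("lease time out of range")
    return str(seconds)

def _allow(regex):  # exact-match allowlist: '<', '"' and similar never pass
    def check(value):
        if not regex.fullmatch(value):
            raise ValueError("not in allowlist")
        return value
    return check

VALIDATORS = {n: _ipv4 for n in ("BOOT_SERVER", "START_ADDR", "END_ADDR", "DNS1",
              "DNS2", "NTP1", "NTP2", "WINS1", "WINS2", "NIS1", "NIS2", "STATIC_IP")}
VALIDATORS.update({
    "BOOT_FILE": _allow(_PATH), "BOOT_ROOT": _allow(_PATH),
    "DEFAULT_LEASE_TIME": _lease, "MAX_LEASE_TIME": _lease,
    "DOMAIN_NAME": _allow(_HOST), "NIS_DOMAIN": _allow(_HOST),
    "STATIC_HOST": _allow(_HOST), "STATIC_MAC": _allow(_MAC),
    "STATIC_DESC": lambda v: v[:64],  # free text: safe only through output encoding
})

def validate_dhcp_form(form):
    """Split a submitted form into (clean, rejected); unknown fields are dropped."""
    clean, rejected = {}, {}
    for name, check in VALIDATORS.items():
        raw = form.get(name, "")
        if raw == "":
            continue
        try:
            clean[name] = check(raw)
        except ValueError:
            rejected[name] = raw  # kept for reporting; encoded before it is reflected
    return clean, rejected

def render_input(name, value):  # reflect a value into the form, attribute-safe
    return '<input name="%s" value="%s">' % (html.escape(name), html.escape(value))

def render_rejected(rejected):  # error list: raw input is encoded, never echoed as-is
    return "".join("<li>%s: rejected %s</li>" % (html.escape(n), html.escape(v))
                   for n, v in sorted(rejected.items()))
```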

XSS

Weakness Enumeration

Related Identifiers: CVE-2019-25380

Affected Products: Smoothwall Express