[Comtech] H8 Heights Remote Gateway Authenticated Stored XSS (CVE-2019-17667)

Purpose-built to unleash the potential of these tight spot beams, Heights remote gateways provide the strongest processing performance, maximizing user IP bits per Hz while realizing significant gains in user IP bits per Amplifier (BUC) Watt.

Vendor WebSite:


You can search for vulnerable applications with Google Dorks or maybe with the following dork https://www.shodan.io/search?query=html:”Comtech+EF+Data in shodan.

How to do it?

We need to use the default comtech credentials to access on the administration panel (comtech:comtech)

Go to Utility> Utility in Main Menu and you’re going to see something like this:

On Unit/site Name input we can try to set a HTML code injection to see if the name at the top right corner changes, in this case, we are going to use an “<h1></h1>” tag.

Cool! we got it, now the Stored XSS PoC.



Happy Hacking ! @CesarSilence