exploitDog

GHSA-5wjh-qcx2-pg74

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Stored XSS on Acexy (BoyaMicro) Wireless-N WiFi Repeater 28.08.06.1 version 1.0 devices can occur via a malformed SSID field during scanning for nearby access points, which also occurs when a device's user visits the Repeater Wizard web management section. This enables an attacker to steal LAN credentials without being connected to the device.

Stored XSS on Acexy (BoyaMicro) Wireless-N WiFi Repeater 28.08.06.1 version 1.0 devices can occur via a malformed SSID field during scanning for nearby access points, which also occurs when a device's user visits the Repeater Wizard web management section. This enables an attacker to steal LAN credentials without being connected to the device.

Ссылки

EPSS

Процентиль: 47%

0.0024

Низкий

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-28160

CVSS3: 6.1

nvd

почти 5 лет назад

Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected XSS vulnerability due to unsanitized SSID value when the latter is displayed in the /repeater.html page ("Repeater Wizard" homepage section).

EPSS

Процентиль: 47%

0.0024

Низкий

CVE ID

Дефекты

CWE-79