vendor:
HX200
by:
Gjoko 'LiquidWorm' Krstic
8.8
CVSS
HIGH
Remote File Inclusion
94
CWE
Product Name: HX200
Affected Version From: HX200 v8.3.1.14
Affected Version To: HN7000S v6.9.0.37
Patch Exists: NO
Related CWE:
CPE: h:hughes:hx200
Platforms Tested: WindWeb/1.0
2022
Hughes Satellite Router HX200 v8.3.1.14 – Remote File Inclusion
The router contains a cross-frame scripting via remote file inclusion vulnerability that may potentially be exploited by malicious users to compromise an affected system. This vulnerability may allow an unauthenticated malicious user to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application.
Mitigation:
Ensure that the application is not vulnerable to remote file inclusion attacks by validating user input and restricting access to the application.