Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.
References
Link | Resource |
---|---|
https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting | Exploit Third Party Advisory |
http://seclists.org/fulldisclosure/2018/Oct/29 | Exploit Mailing List Third Party Advisory |
http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Information
Published : 2018-10-15 12:29
Updated : 2018-11-30 06:09
NVD link : CVE-2018-17533
Mitre link : CVE-2018-17533
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
teltonika
- rut950_firmware
- rut900_firmware
- rut950
- rut955_firmware
- rut955
- rut900