GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name.
References
Link | Resource |
---|---|
https://beaugraham.com/CVE-2021-44148-xss.html | Exploit Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2021-12-07 14:15
Updated : 2021-12-08 18:10
NVD link : CVE-2021-44148
Mitre link : CVE-2021-44148
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
gl-inet
- gl-ar150
- gl-ar150_firmware