CVE-2021-44148

GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name.
References
Link Resource
https://beaugraham.com/CVE-2021-44148-xss.html Exploit Patch Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:gl-inet:gl-ar150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar150:-:*:*:*:*:*:*:*

Information

Published : 2021-12-07 14:15

Updated : 2021-12-08 18:10


NVD link : CVE-2021-44148

Mitre link : CVE-2021-44148


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

gl-inet

  • gl-ar150
  • gl-ar150_firmware