| عنوان | FLEX 1085 Web 1.6.0 - HTML Injection |
|---|
| الوصف | Title:
================
FLEX 1085 Web - HTML Injection
Summary:
================
The FLEX 1085 Web appliance is vulnerable to an HTML injection attack that
allows the injection of arbitrary HTML code.
Severity Level:
================
5.3 (Medium)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Disclosure Schedule:
============================
* October 19, 2021: An email was sent to support at 6:08MP.
* November 20, 2021: I didn't get any response from support.
* November 21, 2021: Vulnerability Disclosure
Affected Product:
================
FLEX 1085 Web v1.6.0
Steps to Reproduce:
================
1. Open your browser and search for your device's IP address (http://<IP>).
2. Log in to the device's dashboard and go to "WiFi".
3. Use another device that has an access point and create a Wi-Fi network
called "<h1>HTML Injection</h1>" (no double quotes) and activate the access
point. (https://prnt.sc/20e4y88)
4. Go back to the FLEX device and when scanning the new WiFi networks, the
new network will appear written "HTML Injection" in bold and with a larger
font size. (http://prnt.sc/20e51li) |
|---|
| المصدر | ⚠️ https://www.tem.ind.br/?page=prod-detalhe&id=94 |
|---|
| المستخدم | mrempy (UID 24379) |
|---|
| ارسال | 05/03/2022 06:10 PM (4 سنوات منذ) |
|---|
| الاعتدال | 13/03/2022 12:20 PM (8 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 194845 [TEM FLEX-1085 1.6.0 تجاوز الصلاحيات] |
|---|
| النقاط | 17 |
|---|