| Title | INTELBRAS RF 301K 1.1.5 Cross Site Scripting |
|---|
| Description | A Cross-site Scripting (XSS) vulnerability was found in the application and management of the INTELBRAS RF 301K router.
To carry out this attack, it is necessary to be authenticated in the system.
To carry out the attack, it is necessary to access the "Advanced Configuration" menu and then the "Static IP" submenu. In the "Add" function, there is an input field for entering the description to be added to the Static IP Address. The affected field is "Description". In this field, it is possible to inject a Cross-Site Scripting script.
Script: <img src="" onerror="prompt(8)">
|
|---|
| Source | ⚠️ http://x.x.x.x:8888/index.html |
|---|
| User | Havook (UID 71104) |
|---|
| Submission | 02/15/2025 22:35 (1 Year ago) |
|---|
| Moderation | 05/20/2025 14:53 (3 months later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 309647 [Intelbras RF 301K 1.1.5 Add Static IP Description cross site scripting] |
|---|
| Points | 17 |
|---|