GL.iNet · GL-AR150 · CVE-2021-44148
Name of the Vulnerable Software and Affected Versions:
GL.iNet GL-AR150 versions 2.x through 2.x
Description:
The issue allows for XSS when an attacker creates an SSID with an XSS payload as the name, affecting devices configured as repeaters. This occurs through the `cgi-bin/router cgi?action=scanwifi` endpoint.
Recommendations:
For versions 2.x, update to version 3.x or later to resolve the issue. As a temporary workaround, consider restricting access to the `cgi-bin/router cgi?action=scanwifi` endpoint until a patch is available.
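The flaw described above comes down to an SSID from a Wi-Fi scan reaching the admin page as markup. The following is an added example, not GL.iNet firmware code: it shows the unsafe rendering pattern beside an escaped one, and the scan-result shape (`ssid`, `signal`) and all function names are assumptions made for illustration.

```javascript
// Added example: not GL.iNet code. The { ssid, signal } record shape is assumed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// An SSID is up to 32 octets chosen by whoever operates the access point, so it
// is untrusted input: replace control characters, cap at 32 code points, escape.
function safeSsidLabel(ssid) {
  const raw = typeof ssid === 'string' ? ssid : '';
  const printable = raw.replace(/[\u0000-\u001f\u007f]/g, '\ufffd');
  const capped = Array.from(printable).slice(0, 32).join('');
  return capped === '' ? '(hidden network)' : escapeHtml(capped);
}

// Vulnerable pattern: the SSID is concatenated into markup unescaped.
function renderRowUnsafe(net) {
  return '<li>' + net.ssid + ' (' + net.signal + ' dBm)</li>';
}

// Hardened pattern: the SSID is escaped and the signal is coerced to a number.
function renderRowSafe(net) {
  const n = Number(net.signal);
  const signal = Number.isFinite(n) ? n : 0;
  return '<li>' + safeSsidLabel(net.ssid) + ' (' + signal + ' dBm)</li>';
}

function renderScanList(networks) {
  return '<ul>' + networks.map(renderRowSafe).join('') + '</ul>';
}

// Constructed sample scan results (not captured from a real device).
const sampleScan = [
  { ssid: 'HomeNet', signal: -48 },
  { ssid: '<img src=x onerror=alert(1)>', signal: -60 },
  { ssid: '', signal: -70 },
];
```

Where the page is built in the browser, assigning the SSID through `textContent` instead of building an HTML string has the same effect.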