PT-2019-9019 · Digisol · Digisol Wireless Wifi Home Router Hr-3300

Published

2019-07-05

Updated

2019-07-08

CVE-2018-14027

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Digisol Wireless Wifi Home Router HR-3300

Description The issue allows for XSS via the userid or password parameter to the "admin login page" API endpoint.

Recommendations For Digisol Wireless Wifi Home Router HR-3300, avoid using the userid or password parameters in the admin login page until the issue is resolved. As a temporary workaround, consider restricting access to the admin login page to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-14027

Affected Products

Digisol Wireless Wifi Home Router Hr-3300

PT-2019-9019 · Digisol · Digisol Wireless Wifi Home Router Hr-3300

CVE-2018-14027

Weakness Enumeration

Related Identifiers

Affected Products

References · 3