CVE-2019-18842

Name of the Vulnerable Software and Affected Versions: Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module version 1.2.2

Description: A cross-site scripting (XSS) issue in the configuration web interface allows attackers to leak credentials of the Wi-Fi access point and the web interface login credentials by creating a nearby malicious Wi-Fi access point.

Recommendations: For version 1.2.2, as a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Avoid using the module's web interface until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.