FLEX 1085 Web 1.6.0 HTML Injection

`# Exploit Title: FLEX 1085 Web 1.6.0 - HTML Injection  
# Date: 2021-11-21  
# Exploit Author: Mr Empy  
# Vendor Homepage: https://www.tem.ind.br/  
# Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94  
# Version: 1.6.0  
# Tested on: Android  
  
  
Title:  
================  
FLEX 1085 Web - HTML Injection  
  
Summary:  
================  
The FLEX 1085 Web appliance is vulnerable to an HTML injection attack that  
allows the injection of arbitrary HTML code.  
  
  
Severity Level:  
================  
5.3 (Medium)  
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N  
  
  
Vulnerability Disclosure Schedule:  
============================  
* October 19, 2021: An email was sent to support at 6:08MP.  
  
* November 20, 2021: I didn't get any response from support.  
  
* November 21, 2021: Vulnerability Disclosure  
  
  
Affected Product:  
================  
FLEX 1085 Web v1.6.0  
  
  
Steps to Reproduce:  
================  
  
1. Open your browser and search for your device's IP address (http://<IP>).  
  
2. Log in to the device's dashboard and go to "WiFi".  
  
3. Use another device that has an access point and create a Wi-Fi network  
called "<h1>HTML Injection</h1>" (no double quotes) and activate the access  
point. (https://prnt.sc/20e4y88)  
  
4. Go back to the FLEX device and when scanning the new WiFi networks, the  
new network will appear written "HTML Injection" in bold and with a larger  
font size. (http://prnt.sc/20e51li)  
  
`