An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device’s BACnet implementation. This is similar to a Cross Protocol Injection with SNMP.
CPE | Name | Operator | Version |
---|---|---|---|
fds-wi_firmware | eq | 6.2 | |
wi-mgr_firmware | eq | 6.2 |