XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID, as demonstrated by the wireless.htm SET2 parameter.
CPE | Name | Operator | Version |
---|---|---|---|
lv-wr07_firmware | eq | 28.0.0-k-router.20170904 |