Cross-Site Scripting Vulnerability in Teltonika RUT9XX Routers
CVE-2018-17533

6.1 MEDIUM

Key Information:

Vendor: Teltonika
CVE Published: 15 October 2018

What is CVE-2018-17533?

Teltonika RUT9XX routers are vulnerable to cross-site scripting (XSS) through the hotspotlogin.cgi script because user input is not adequately sanitized. Attackers can exploit this vulnerability to inject malicious scripts, potentially leading to unauthorized access or the execution of arbitrary code in the context of affected users. It is crucial for users of these routers to upgrade to firmware version 00.05.01.1 or later to mitigate the risk of exploitation.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
