Exploit/Advisories no image

Published on November 24th, 2021 📆 | 5148 Views ⚑

0

FLEX 1085 Web 1.6.0 HTML Injection – Torchsec

# Exploit Title: FLEX 1085 Web 1.6.0 – HTML Injection
# Date: 2021-11-21
# Exploit Author: Mr Empy
# Vendor Homepage: https://www.tem.ind.br/
# Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94
# Version: 1.6.0
# Tested on: Android

Title:
================
FLEX 1085 Web – HTML Injection

Summary:
================
The FLEX 1085 Web appliance is vulnerable to an HTML injection attack that
allows the injection of arbitrary HTML code.

Severity Level:
================
5.3 (Medium)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Vulnerability Disclosure Schedule:
============================
* October 19, 2021: An email was sent to support at 6:08MP.

* November 20, 2021: I didn’t get any response from support.

* November 21, 2021: Vulnerability Disclosure

Affected Product:
================
FLEX 1085 Web v1.6.0

Steps to Reproduce:
================

1. Open your browser and search for your device’s IP address (http://).

2. Log in to the device’s dashboard and go to “WiFi”.

3. Use another device that has an access point and create a Wi-Fi network
called “

HTML Injection

” (no double quotes) and activate the access
point. (https://prnt.sc/20e4y88)

4. Go back to the FLEX device and when scanning the new WiFi networks, the
new network will appear written “HTML Injection” in bold and with a larger
font size. (http://prnt.sc/20e51li)

Source link

Tagged with:



Leave a Reply

Your email address will not be published. Required fields are marked *