← back
CVE-2017-2148

CVE-2017-2148

EPSS 0.9%
In short

A router's web interface allows attackers who are already logged in to inject malicious scripts that could steal information or perform unwanted actions. This happens because the device doesn't properly validate user input before displaying it.

Technical detail

Cross-site scripting (XSS) vulnerability in WN-AC1167GR firmware ≤1.04 allows authenticated attackers to inject arbitrary JavaScript or HTML through unspecified input vectors. The vulnerability requires valid credentials but enables session hijacking, credential theft, or unauthorized configuration changes via browser-based exploitation.

Summary generated and translated by AI from the official description.
Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected products
I-O DATA DEVICE, INC. · WN-AC1167GR

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://jvn.jp/en/jp/JVN01537659/index.htmlhttp://www.iodata.jp/support/information/2017/wn-ac1167gr/http://www.securityfocus.com/bid/97714