A cross-site scripting (XSS) vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows malicious users to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by opening a Wi-Fi access point nearby with a malicious SSID.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
usriot usr-wifi232-s_firmware 1.2.2 |
||
usriot usr-wifi232-t_firmware 1.2.2 |
||
usriot usr-wifi232-g2_firmware 1.2.2 |
||
usriot usr-wifi232-h_firmware 1.2.2 |