NRadio N8-180 Devices Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in NRadio N8-180 devices running NROS version 1.9.2.n3.c5. The issue arises in the /cgi-bin/luci/nradio/basic/radio endpoint, where the 2.4 GHz and 5 GHz name parameters are susceptible to XSS. An attacker can inject JavaScript into the SSID field, and the script is then executed in the context of the current user. If an administrator is logged into the device, the injected script runs in their browser.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, log into an affected NRadio N8-180 device with the vulnerable NROS version. Navigate to the /cgi-bin/luci/nradio/basic/radio endpoint. Inject JavaScript into the SSID field of the 2.4 GHz or 5 GHz name parameters. Once the injected script is saved, log in as an administrator to execute the malicious payload in the browser.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 7.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.