Intelbras RX1500 and RX3000 Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the Intelbras RX1500 router running firmware version 2.2.9 and the RX3000 router on version 1.0.11. This vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the name of a Wi-Fi network that the router is connected to.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, log into the router's web management interface. Navigate to the Wi-Fi settings and select the Guest Network option. Inject a script payload into the Wi-Fi network name field for either the 2.4GHz or 5GHz band. Once the payload is injected, the script will execute when the Site Survey feature is accessed, demonstrating the cross-site scripting vulnerability.

Remediation

Users are advised to update to the latest firmware version, which addresses this vulnerability. For the RX1500, the patched version is 2.2.12, and for the RX3000, it is 1.0.21.