Intelbras WRN 150 Cross-Site Scripting Vulnerability in Wireless Menu

A cross-site scripting (XSS) vulnerability exists in the Intelbras WRN 150 router, specifically in version 1.0.15_pt_ITB01. The issue arises within the Wireless Menu, where the SSID input field does not properly sanitize user input. This flaw allows for the injection of malicious scripts, which could be executed in the context of the user’s browser. The vulnerability can be exploited remotely, but requires authentication and user interaction.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, log into the Intelbras WRN 150 router and navigate to the 'Wireless' menu. In the 'SSID' submenu, enter a name for the wireless network. The input field is vulnerable to cross-site scripting, allowing the injection of scripts, such as an image tag with an error handler that prompts the user.

Remediation

Users are advised to upgrade to the latest version of the Intelbras WRN 150 router, as the current version 1.0.15_pt_ITB01 is vulnerable.