Primary

Context

Intelbras RF 301K Cross-Site Scripting Vulnerability in Add Static IP Component

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the Intelbras RF 301K router, specifically in version 1.1.5. The issue arises within the 'Add Static IP' feature, where the 'Description' field does not properly sanitize user input. This flaw allows authenticated users to inject scripts that could be executed in the context of other users. The vulnerability can be exploited remotely, but requires user interaction.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, an authenticated user must access the 'Advanced Configuration' menu, then navigate to the 'Static IP' submenu. In the 'Add' function, the user can inject a script into the 'Description' field, which will be executed when the input is displayed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

4.4

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

4.4

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Intelbras RF 301K Cross-Site Scripting Vulnerability in Add Static IP Component

Vulnerability

Impact

Reproduction

Affected Products

Intelbras RF 301K

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating