JCG Link-net LW-N915R Cross-Site Scripting Vulnerability in Wireless Basic Settings Page
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in the JCG Link-net LW-N915R router, specifically in the version 17s.20.001.908. The issue resides in the Wireless Basic Settings Page, within the file '/wireless/basic.asp'. The vulnerability is triggered by manipulating the 'Network Name (SSID)' field, allowing the injection of malicious scripts. This vulnerability can be exploited remotely, but requires authentication and user interaction.
Impact
Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Reproduction
To reproduce this vulnerability, log into the router's management interface and navigate to the 'Wireless Basic Settings' page. Once there, locate the 'Network Name (SSID)' field. Inject a script, such as an image tag with an 'onerror' event, into this field. After submitting the form, the injected script will execute, demonstrating the cross-site scripting vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.