Wavlink WL-WN579X3-C Cross-Site Scripting Vulnerability in adm.cgi

A cross-site scripting (XSS) vulnerability has been identified in the Wavlink WL-WN579X3-C router, specifically in version 231124. The issue resides in the 'adm.cgi' file, within the 'sub_401AD4' function. The vulnerability is triggered by manipulating the 'hostname' parameter, which is not properly sanitized before being outputted to users. This flaw can be exploited remotely, requiring authentication and user interaction.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a POST request to '/cgi-bin/adm.cgi' with the 'page' parameter set to 'sysinit'. Include a crafted 'hostname' value that contains script tags or SVG elements with event handlers, such as an 'onload' attribute. The injected script will be executed when the response is rendered in a browser.

Remediation

Users are advised to upgrade to Wavlink WL-WN579X3-C version 20260226, which addresses this vulnerability.