Wavlink WL-WN579A3 Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the Wavlink WL-WN579A3 router, specifically in version 220323. The issue arises in the '/cgi-bin/login.cgi' file, within the 'sub_401F80' function. The vulnerability can be exploited remotely by manipulating the 'Hostname' argument in POST requests to the login page, without requiring authentication. This exploitation involves injecting unfiltered data that is then output to other users as part of the web page.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a POST request to the '/cgi-bin/login.cgi' endpoint with the 'page' parameter set to 'login' and the 'Hostname' parameter manipulated to include the desired script payload. The 'ftext' function will process the request, leading to the execution of the injected script in the user's browser.

Remediation

Users are advised to upgrade to the latest version of the Wavlink WL-WN579A3 router, which includes a fix for this vulnerability. The updated version can be downloaded from the Wavlink firmware repository.