Primary

Context

BIVOCOM TR321 Cross-Site Scripting Vulnerability in Wireless Settings Component

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the BIVOCOM TR321 version 21.1.1.50. The issue arises in the Wireless Setting component, where the Network Name (SSID) field can be manipulated to inject malicious scripts. This vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, access the BIVOCOM TR321 device's management application and navigate to the Wireless Setting section. Modify the Network Name (SSID) field by injecting a script, such as an image tag with an 'onerror' event, which will trigger a prompt as part of the cross-site scripting exploit.

Added: Apr 25, 2026, 9:19 PM

Updated: Apr 25, 2026, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.3

remediation

0.0

relevance

6.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.3

remediation

0.0

relevance

6.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

BIVOCOM TR321 Cross-Site Scripting Vulnerability in Wireless Settings Component

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating