XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an "airbase-ng -e" command.

Published : 2017-09-07 22:29 Updated : 2017-09-19 17:38

CVSS Score More info
Score 4.3 / 10
Vendor Product Version URI
Intelbras Wrn 240 Firmware - cpe:/o:intelbras:wrn_240_firmware:-
  1. Intelbras (1) Search CVE
    1. Wrn 240 Firmware (1) Search CVE
      1. -


ID Name Description Links
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. CVE

History of changes

Date Event
2017-09-19 19:30
2017-09-10 05:29
2017-09-07 22:29