January 25, 2020
No Comments

A stored, cross-site scripting (XSS) flaw was found in iB-WRB304N version 1.0.0. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a iBall WRB304N router, allowing for the execution and persistent storage of arbitrary scripts. VULNERABLE PARAMETER /GOFORM/FROMSETDDNS STEPS TO REPRODUCE 1, LOGIN TO THE ROUTER 2,NAVIGATE TO