CVE-2021-27403
MEDIUMAskey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 - Cross-Site Scripting via curWebPage Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2021-27403. PoCs published by bokanrb.
AI-analyzed exploit summary This PoC demonstrates an unauthenticated Cross-Site Scripting (XSS) vulnerability in Askey RTF8115VW modems. The exploit leverages the 'curWebPage' parameter in both GET and POST requests to inject malicious JavaScript payloads without requiring valid credentials.
Description
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS.
Exploits (1)
This PoC demonstrates an unauthenticated Cross-Site Scripting (XSS) vulnerability in Askey RTF8115VW modems. The exploit leverages the 'curWebPage' parameter in both GET and POST requests to inject malicious JavaScript payloads without requiring valid credentials.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N