CVE-2023-36146

MEDIUM

Multilaser RE 170 - Firmware 2.2.6733 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-36146. PoCs published by leonardobg.

AI-analyzed exploit summary This PoC demonstrates an authenticated stored XSS vulnerability in Multilaser RE 170 Firmware 2.2.6733. The exploit involves injecting a malicious payload into the 'Description' field under the IP Filtering section, which executes when the page is loaded.

Description

A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733.

Exploits (1)

nomisec WORKING POC

by leonardobg · poc

https://github.com/leonardobg/CVE-2023-36146

View Code ZIP pw:eip

This PoC demonstrates an authenticated stored XSS vulnerability in Multilaser RE 170 Firmware 2.2.6733. The exploit involves injecting a malicious payload into the 'Description' field under the IP Filtering section, which executes when the page is loaded.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Multilaser RE 170 Firmware 2.2.6733

Auth required

Prerequisites: Access to the device's web interface · Valid credentials for authentication

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Not Applicable

http://multilaser.com

Exploit, Third Party Advisory

https://github.com/leonardobg/CVE-2023-36146/#readme

View Exploit ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.0041

EPSS Percentile 33.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

multilaser/re170_firmware 2.2.6733

Published Jun 30, 2023

Tracked Since Feb 18, 2026