CVE-2023-49965

MEDIUM

SpaceX Starlink Wi-Fi router Gen 2 <2023.48.0 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-49965. PoCs published by yoshida-git-ai.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2023-49965, an XSS vulnerability in the SpaceX Starlink Router Gen 2 captive portal. It includes a proof-of-concept exploit demonstrating how the vulnerability can be chained with a CSRF attack to control the router and Dishy.

Description

SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS via the ssid and password parameters on the Setup Page.

Exploits (1)

nomisec WRITEUP

by yoshida-git-ai · poc

https://github.com/yoshida-git-ai/SpaceX-Starlink-Router-Gen-2-XSS

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2023-49965, an XSS vulnerability in the SpaceX Starlink Router Gen 2 captive portal. It includes a proof-of-concept exploit demonstrating how the vulnerability can be chained with a CSRF attack to control the router and Dishy.

Classification

Writeup 95%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: SpaceX Starlink Router Gen 2 (versions before 2023.48.0)

No auth needed

Prerequisites: Access to the local network (192.168.1.1 or 192.168.100.1) · Victim interaction to trigger the XSS payload

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Various Sources

https://hackintoanetwork.com/blog/2023-starlink-router-gen2-xss-eng/

Scores

CVSS v3 6.8

EPSS 0.0033

EPSS Percentile 25.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-352 CWE-79

Status published

Published Apr 05, 2024

Tracked Since Feb 18, 2026