Vulnerability Details CVE-2019-18842
A cross-site scripting (XSS) vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by opening a Wi-Fi access point nearby with a malicious SSID.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2019-18842
-
cpe:2.3:h:usriot:usr-wifi232-g2:-
-
cpe:2.3:h:usriot:usr-wifi232-h:-
-
cpe:2.3:h:usriot:usr-wifi232-s:-
-
cpe:2.3:h:usriot:usr-wifi232-t:-
-
cpe:2.3:o:usriot:usr-wifi232-g2_firmware:1.2.2
-
cpe:2.3:o:usriot:usr-wifi232-h_firmware:1.2.2
-
cpe:2.3:o:usriot:usr-wifi232-s_firmware:1.2.2
-
cpe:2.3:o:usriot:usr-wifi232-t_firmware:1.2.2