Fiberhome AN5506-02-B Cross Site Scripting

Fiberhome AN5506-02-B with firmware version RP2521 suffers from a persistent cross site scripting vulnerability.

SHA-256 | 6468873259d857e4b7cda7bf2ece5a2b2508ecd08b9330bef4207248417b9146

# Exploit Title: FiberHome - AN5506-02-B - RP2521 - Authenticated Stored XSS
# Date: 10/08/2022
# Exploit Author: Leonardo Goncalves
# Version: Firmware RP2521

1) Log in the equipment via your web browser
2) Go to Network > auth_settings
3) In the "sncfg_loid" inject the payload "<script>alert()</script>"
4) Click Save
5) Exploit!

Related Posts