Intelbras ATA 200 with firmware version 74.19.10.21 suffers from a persistent cross site scripting vulnerability.
e356bd5406aa48762a1618d1a835ba31ee602d213580bd449699352c7cdfb239
# Exploit Title: Intelbras ATA 200 Authenticated Stored XSS
# Date: 17/01/2022
# Exploit Author: Leonardo Goncalves
# Vendor Homepage: https://www.intelbras.com/pt-br/adaptador-ip-para-telefones-analogicos-ata-200
# Version: Firmware 74.19.10.21
1) Log in the equipment via your web browser
2) Go to Management > Syslog
3) In the "Field Server Address" inject the payload "-prompt("XSS")-"
4) Click Save
5) Exploit