漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cross-site scripting via dst parameter in RouterOS WiFi hotspot
Vulnerability Description
A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to login, can also be converted to a GET request, allowing an attacker to send a specifically crafted URL that automatically logs in the victim (into the attacker's account) and triggers the payload.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
MikroTik RouterOS 安全漏洞
Vulnerability Description
MikroTik RouterOS是拉脱维亚MikroTik公司的一套基于Linux开发的路由器操作系统。该系统可部署在PC中,使其提供路由器功能。 MikroTik RouterOS 7.19.2之前版本存在安全漏洞,该漏洞源于跨站脚本攻击,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A