ChinaMobile PLC Wireless Router Vulnerability [CVE-2018-20326]

CVE Number – CVE-2018-20326

ChinaMobile PLC Wireless Router’s are vulnerable to a Reflected Cross Site Scripting (XSS).With this attack, the threat actor can steal cookies, session id, username or other sensitive information redirect an innocent victim to a malicious website, thus compromising the user.

Version: GPN2.4P21-C-CN (Firmware: W2001EN-00)

Further details – https://0dayfindings.home.blog/2018/12/26/plc-wireless-router-gpn2-4p21-c-cn-reflected-xss/ and https://packetstormsecurity.com/files/150918/PLC-Wireless-Router-GPN2.4P21-C-CN-Cross-Site-Scripting.html

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: