CVE Number – CVE-2018-20326
ChinaMobile PLC Wireless Router’s are vulnerable to a Reflected Cross Site Scripting (XSS).With this attack, the threat actor can steal cookies, session id, username or other sensitive information redirect an innocent victim to a malicious website, thus compromising the user.
Version: GPN2.4P21-C-CN (Firmware: W2001EN-00)
Further details – https://0dayfindings.home.blog/2018/12/26/plc-wireless-router-gpn2-4p21-c-cn-reflected-xss/ and https://packetstormsecurity.com/files/150918/PLC-Wireless-Router-GPN2.4P21-C-CN-Cross-Site-Scripting.html
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.