| CVE ID : |
CVE-2016-11014 |
|
This flaw may allow a successful attacker to do anything gaining the privilege of the router being in LAN/WAN. |
| CVE ID : |
CVE-2016-11015 |
|
Using this flaw, an attacker can cause victims to change any data the victim is allowed to change or perform any function the victim is authorized to use. |
| CVE ID : |
CVE-2016-11016 |
|
Created a forged request changing the value of any variable, here it is *:InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL *variable in the URL http://router-ip/cgi-bin/webproc and sent it to victim forcing him/her to click on the malicious link |
Solution :
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) |
