CVE ID : | CVE-2016-11014 | | This flaw may allow a successful attacker to do anything gaining the privilege of the router being in LAN/WAN. | CVE ID : | CVE-2016-11015 | | Using this flaw, an attacker can cause victims to change any data the victim is allowed to change or perform any function the victim is authorized to use. | CVE ID : | CVE-2016-11016 | | Created a forged request changing the value of any variable, here it is *:InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL *variable in the URL http://router-ip/cgi-bin/webproc and sent it to victim forcing him/her to click on the malicious link |
Solution : https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) |