An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP.
References
Link | Resource |
---|---|
http://misteralfa-hack.blogspot.com/2018/02/bacnet-entrando-en-materia.html | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2018-02-21 01:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-7278
Mitre link : CVE-2018-7278
CVE.ORG link : CVE-2018-7278
JSON object : View
Products Affected
rletech
- fds-pc_firmware
- fds-pc
- fds-pc-dp_firmware
- fds-pc-dp
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')