1. INFORMATION
--
[+] CVE: CVE-2022-43684
[+] Title : Insecure Access Control To Full Admin Compromise
[+] Vendor : ServiceNow
[+] Publication date : June 2023
[+] Credits: Luke Symons, Tony Wu, Eldar Marcussen, Gareth
Phillips, Jeff
Hi,
Mitre has provided the following with the CVE number: CVE-2017-5900
there is a Stored XSS vulnerability in a NetComm router's model NB16WV-02
running version NB16WV_R0.09, If authorized user is able to inject the
following string
POC:
Authenticated user is required:
http:///hdd.htm?rc=&S801F0
