
In August 2020 I discovered multiple vulnerabilities in Samsung WLAN AP WEA453e, including a pre-auth root RCE, which means an attacker could run code as root remotely without logging in.

Vulnerability #1: XSS

The first thing I found is an interesting reflected parameter in the form of an error message when navigating to a nonexistent path:

I tried the most standard XSS payload “<script>alert(1)</script>” and sure enough an alert popped:
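The reflected error message described above, as an added example that is not code from the original post or from the device's firmware: a 404 handler that copies the requested path into the page unchanged, next to a hardened version that HTML-escapes it, plus a regression check a developer can run against either. The handler names, the error-page markup and the header set are assumptions made for illustration.

```python
import html

# Payload quoted in the post, reused here only as a test probe.
PROBE = "<script>alert(1)</script>"

# Constructed error-page template; the device's real markup is not shown on the page.
PAGE = "<html><body><h1>Error</h1><p>Not found: {}</p></body></html>"


def not_found_vulnerable(path):
    """404 page that places the requested path into HTML unchanged."""
    return "404 Not Found", [("Content-Type", "text/html")], PAGE.format(path)


def not_found_hardened(path):
    """Same page, with the path HTML-escaped before it reaches the markup."""
    safe = html.escape(path, quote=True)  # < > & " ' become entities
    headers = [
        ("Content-Type", "text/html; charset=utf-8"),
        ("X-Content-Type-Options", "nosniff"),
        # Defence in depth: no 'unsafe-inline', so inline scripts do not run.
        ("Content-Security-Policy", "default-src 'self'"),
    ]
    return "404 Not Found", headers, PAGE.format(safe)


def reflects_unescaped(handler, probe=PROBE):
    """Regression check: True if the handler echoes the probe verbatim."""
    _status, _headers, body = handler("/" + probe)
    return probe in body


if __name__ == "__main__":
    for handler in (not_found_vulnerable, not_found_hardened):
        print(handler.__name__, "reflects unescaped input:",
              reflects_unescaped(handler))
```

The same check can be kept in a test suite for every page that echoes request data back to the browser.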
