Exploits / Vulnerability Discovered : 2019-01-09 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Zte mf65 bd_hdv6mf65v1.0.0b05 crosssite scripting is for educational purposes only and if it is used you will do on your own risk!
The Mobile Hotspot having the said firmware version doesn’t sanitize the input argument "cmd" used in the page "/goform_get_cmd_process". A malicious input held by the parameter in the URL could result to client-side script execution or HTML code injection.