Medium severity6.1NVD Advisory· Published Jan 6, 2020· Updated Jun 17, 2026
CVE-2019-18842
CVE-2019-18842
Description
A cross-site scripting (XSS) vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by opening a Wi-Fi access point nearby with a malicious SSID.
Affected products
2- Jinan USR IOT/USR-WIFI232-S/T/G2/H Low Power WiFi Moduledescription
- Range: = 1.2.2
Patches
Vulnerability mechanics
References
1- www.tildeho.me/theres-javascript-in-my-power-plug/nvdExploitThird Party AdvisoryURL Repurposed
News mentions
0No linked articles in our index yet.