CVE-2021-40517

Vulnerability

Airangel HSMX Gateway devices through version 5.2.04 are vulnerable to stored cross-site scripting (XSS). The XSS payload is placed in the name column of the updates table using database access [1]. This means an attacker with the ability to write to the database can inject arbitrary JavaScript code that will be stored and later executed when the table is rendered in the web interface.

Exploitation

An attacker requires database write access to insert a malicious payload into the name field of the updates table. This access could be obtained through SQL injection, compromised credentials, or other means. No user interaction is needed for the stored XSS to execute; any user viewing the updates table will trigger the payload in their browser.

Impact

Successful exploitation allows arbitrary JavaScript execution in the context of the victim's browser session. This can lead to session hijacking, defacement of the web interface, or redirection to malicious sites. The compromise is limited to the web application layer and does not directly affect the underlying device OS.

Mitigation

As of the publication date (2021-11-10), no official patch has been released. Users should restrict database access to trusted administrators and implement input sanitization for the name field. The vendor's product page [1] does not mention a fix. If the device is end-of-life, consider upgrading to a supported alternative.