Find a vulnerability
Search criteria
1 vulnerability found for usr-wifi232-g2 by usriot
VAR-202001-0302
Vulnerability from variot - Updated: 2025-01-30 21:50A cross-site scripting (XSS) vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by opening a Wi-Fi access point nearby with a malicious SSID. USR-WIFI232-S/T/G2/H Low Power WiFi Module Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. USR IOT USR-WIFI232-S, etc. are all low-power serial wireless WIFI modules of China's U-Tech Internet of Things (USR IOT) company. The vulnerability stems from the lack of correct verification of client data in the WEB application. An attacker can use this vulnerability to execute client code. The following products and versions are affected: USR IOT USR-WIFI232-S using firmware version 1.2.2; USR IOT USR-WIFI232-T using firmware version 1.2.2; USR IOT USR-WIFI232- using firmware version 1.2.2 G2; USR IOT USR-WIFI232-H using firmware version 1.2.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0302",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "usr-wifi232-g2",
"scope": "eq",
"trust": 1.0,
"vendor": "usriot",
"version": "1.2.2"
},
{
"model": "usr-wifi232-h",
"scope": "eq",
"trust": 1.0,
"vendor": "usriot",
"version": "1.2.2"
},
{
"model": "usr-wifi232-t",
"scope": "eq",
"trust": 1.0,
"vendor": "usriot",
"version": "1.2.2"
},
{
"model": "usr-wifi232-s",
"scope": "eq",
"trust": 1.0,
"vendor": "usriot",
"version": "1.2.2"
},
{
"model": "usr-wifi232-g2",
"scope": "eq",
"trust": 0.8,
"vendor": "jinan usr iot",
"version": "1.2.2"
},
{
"model": "usr-wifi232-h",
"scope": "eq",
"trust": 0.8,
"vendor": "jinan usr iot",
"version": "1.2.2"
},
{
"model": "usr-wifi232-s",
"scope": "eq",
"trust": 0.8,
"vendor": "jinan usr iot",
"version": "1.2.2"
},
{
"model": "usr-wifi232-t",
"scope": "eq",
"trust": 0.8,
"vendor": "jinan usr iot",
"version": "1.2.2"
},
{
"model": "iot usr-wifi232-s/t/g2/h low power wifi module",
"scope": "eq",
"trust": 0.6,
"vendor": "usr",
"version": "1.2.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03018"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014076"
},
{
"db": "NVD",
"id": "CVE-2019-18842"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:usriot:usr-wifi232-g2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:usriot:usr-wifi232-h_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:usriot:usr-wifi232-s_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:usriot:usr-wifi232-t_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014076"
}
]
},
"cve": "CVE-2019-18842",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-18842",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-03018",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-18842",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-18842",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18842",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-18842",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-03018",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-132",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-18842",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-03018"
},
{
"db": "VULMON",
"id": "CVE-2019-18842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014076"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-132"
},
{
"db": "NVD",
"id": "CVE-2019-18842"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A cross-site scripting (XSS) vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by opening a Wi-Fi access point nearby with a malicious SSID. USR-WIFI232-S/T/G2/H Low Power WiFi Module Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. USR IOT USR-WIFI232-S, etc. are all low-power serial wireless WIFI modules of China\u0027s U-Tech Internet of Things (USR IOT) company. The vulnerability stems from the lack of correct verification of client data in the WEB application. An attacker can use this vulnerability to execute client code. The following products and versions are affected: USR IOT USR-WIFI232-S using firmware version 1.2.2; USR IOT USR-WIFI232-T using firmware version 1.2.2; USR IOT USR-WIFI232- using firmware version 1.2.2 G2; USR IOT USR-WIFI232-H using firmware version 1.2.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014076"
},
{
"db": "CNVD",
"id": "CNVD-2020-03018"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-132"
},
{
"db": "VULMON",
"id": "CVE-2019-18842"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18842",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014076",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-03018",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202001-132",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-18842",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2020-03018"
},
{
"db": "VULMON",
"id": "CVE-2019-18842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014076"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-132"
},
{
"db": "NVD",
"id": "CVE-2019-18842"
}
]
},
"id": "VAR-202001-0302",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2020-03018"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"network device"
],
"sub_category": "access point",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2020-03018"
}
]
},
"last_update_date": "2025-01-30T21:50:52.300000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.usriot.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014076"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014076"
},
{
"db": "NVD",
"id": "CVE-2019-18842"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.tildeho.me/theres-javascript-in-my-power-plug/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18842"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18842"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2020-03018"
},
{
"db": "VULMON",
"id": "CVE-2019-18842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014076"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-132"
},
{
"db": "NVD",
"id": "CVE-2019-18842"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2020-03018"
},
{
"db": "VULMON",
"id": "CVE-2019-18842"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014076"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-132"
},
{
"db": "NVD",
"id": "CVE-2019-18842"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03018"
},
{
"date": "2020-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2019-18842"
},
{
"date": "2020-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014076"
},
{
"date": "2020-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-132"
},
{
"date": "2020-01-06T21:15:11.567000",
"db": "NVD",
"id": "CVE-2019-18842"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-03018"
},
{
"date": "2020-01-15T00:00:00",
"db": "VULMON",
"id": "CVE-2019-18842"
},
{
"date": "2020-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014076"
},
{
"date": "2020-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-132"
},
{
"date": "2024-11-21T04:33:41.673000",
"db": "NVD",
"id": "CVE-2019-18842"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-132"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "USR-WIFI232-S/T/G2/H Low Power WiFi Module Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014076"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-132"
}
],
"trust": 0.6
}
}