Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-36146 PoC — Multilaser RE170 跨站脚本漏洞

Source
https://github.com/leonardobg/CVE-2023-36146
Associated Vulnerability
Title:Multilaser RE170 跨站脚本漏洞 (CVE-2023-36146)
Description:A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733.
Readme
# CVE-2023-36146

PoC of CVE-2023-36146 - Multilaser RE 170 Firmware 2.2.6733

## Authenticated stored Cross Site Scripting


## Steps to Reproduce:

1. Log in the equipment via your web browser
2. Go to Security > IP Filtering
3. In the "Description" field inject the payload "<image/src/onerror=prompt(8)>"
4. Click Add
5. Exploit!
File Snapshot

 [4.0K]  /data/pocs/2195901e8825ca38ce867d69ad2973d6b170736d
└── [ 334]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →