### Stored Cross-Site Scripting (Authenticated) in SYROTECH SY-GOPON-1000-2WONU V2.1.7_X116 devices
Syrotech is a company based in India that manufactures compatible optical
transceivers, GPON/EPON, networking switches, CATV equipment, FTTH passive
products, testing equipment and accessories.
More Info: <https://www.syrotech.com/About-us.html>
The tested device was SYROTECH SY-GOPON-1000-2WONU V2.1.7_X116+

After logging in with the default credentials of **admin:admin**, I've noticed
that in the Security tab, at the WAN ACL sub-menu, it is possible to inject
arbitrary JavaScript code in the URL field.

After saving, the URL automatically pops the alert box.

@xpl0ited1