# Exploit Title: FLEX 1085 Web 1.6.0 - HTML Injection # Date: 2021-11-21 # Exploit Author: Mr Empy # Vendor Homepage: https://www.tem.ind.br/ # Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94 # Version: 1.6.0 # Tested on: Android Title: ================ FLEX 1085 Web - HTML Injection Summary: ================ The FLEX 1085 Web appliance is vulnerable to an HTML injection attack that allows the injection of arbitrary HTML code. Severity Level: ================ 5.3 (Medium) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Vulnerability Disclosure Schedule: ============================ * October 19, 2021: An email was sent to support at 6:08MP. * November 20, 2021: I didn't get any response from support. * November 21, 2021: Vulnerability Disclosure Affected Product: ================ FLEX 1085 Web v1.6.0 Steps to Reproduce: ================ 1. Open your browser and search for your device's IP address (http://<IP>). 2. Log in to the device's dashboard and go to "WiFi". 3. Use another device that has an access point and create a Wi-Fi network called "<h1>HTML Injection</h1>" (no double quotes) and activate the access point. (https://prnt.sc/20e4y88) 4. Go back to the FLEX device and when scanning the new WiFi networks, the new network will appear written "HTML Injection" in bold and with a larger font size. (http://prnt.sc/20e51li)