Personal Fav. #2:
Persistent XSS on logs page
• Web server enabled on WAN but password-protected
• Attacker doesn't need to log in to the web console
• Malformed request to web server injects malicious payload on logs page
• Admin browses vulnerable page while logged in and device is compromised
  - i.e., new admin account is added
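The fix for the logs page described above is output encoding of every logged field. The sketch below is an added example, not code from the slides or from the affected device; the function names and the sample log entries are constructed for illustration.

```python
import html

# Constructed sample log entries (not from the original slides). The second
# one stands for an unauthenticated WAN request whose path carries markup.
SAMPLE_LOG = [
    {"time": "12:00:01", "src": "192.0.2.10", "request": "GET /index.html"},
    {"time": "12:00:07", "src": "198.51.100.23",
     "request": "GET /<script>/*constructed marker*/</script>"},
]

FIELDS = ("time", "src", "request")
ROW = "<tr><td>%s</td><td>%s</td><td>%s</td></tr>"


def render_logs_vulnerable(entries):
    """Before: logged request data is concatenated into the page as-is."""
    rows = "".join(ROW % tuple(str(e[k]) for k in FIELDS) for e in entries)
    return "<table>" + rows + "</table>"


def render_logs_hardened(entries):
    """After: every logged field is HTML-encoded when the page is built."""
    rows = "".join(
        ROW % tuple(html.escape(str(e[k]), quote=True) for k in FIELDS)
        for e in entries
    )
    return "<table>" + rows + "</table>"


def contains_active_markup(page):
    """Crude regression check: did a script tag survive rendering?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("vulnerable page carries markup:",
          contains_active_markup(render_logs_vulnerable(SAMPLE_LOG)))
    print("hardened page carries markup:",
          contains_active_markup(render_logs_hardened(SAMPLE_LOG)))
```

Encoding at render time covers entries that were already stored before the fix, which filtering at write time would not.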