CVE-2025-50740
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-06
Last updated on: 2025-08-07
Assigner: MITRE
Description
Description
AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross site scripting (xss) vulnerability. The AutoConnect web interface /_ac/config allows HTML/JS code to be executed via a crafted network SSID.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hieromon | autoconnect | 1.4.2 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cross site scripting (XSS) issue in AutoConnect 1.4.2, an Arduino library. It occurs because the AutoConnect web interface at /_ac/config allows execution of HTML or JavaScript code that is injected via a specially crafted network SSID.
How can this vulnerability impact me? :
An attacker can exploit this vulnerability by crafting a malicious network SSID that, when processed by the AutoConnect web interface, executes arbitrary HTML or JavaScript code. This can lead to unauthorized actions, data theft, or compromise of the device's web interface.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70