Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).This issue affects Air4443 Firmware: through 14102024. NOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support.

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference.

AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.

AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.

AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.

AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.

AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.

AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.

AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.

AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.