dl4343_firmware

On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration).

On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration).

On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).

On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.

On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic).