in CVE vulnerabilities ~ read.

CVE-2018-7473 - Open URL Redirection Vulnerability

The So Wifi hotspot web interface is vulnerable to an open redirect attack. The web application fails to properly sanitize untrusted input, thus allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.

Product Affected: So Wifi hotspot

Version Affected: Firmware version was 137

Vulnerability Description: The So Wifi hotspot web interface is vulnerable to an open redirect attack. The web application fails to properly sanitize untrusted input, thus allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.

Remediation: This issue has been addresses since firmware version 140. The input is validated against a list of trusted url’s.

CVSS Score: 7.4

Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Acknowledgments: Emmanouil Angelakis of NeuroSoft S.A. (Redyops Team).