An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS.
Published February 17, 2020.
Cambiumnetworks Xh2-120 Firmware
Cambiumnetworks Xr620 Firmware
Cambiumnetworks Xr2436 Firmware
Cambiumnetworks Xr520 Firmware