CVE-2016-1207 (wn-g300r_firmware, wn-g300r2_firmware, wn-g300r3_firmware)
Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Source: CVE-2016-1207 (wn-g300r_firmware, wn-g300r2_firmware, wn-g300r3_firmware)