Search criteria
3 vulnerabilities found for zxhn_f680_firmware by zte
FKIE_CVE-2022-23136
Vulnerability from fkie_nvd - Published: 2022-03-30 16:15 - Updated: 2024-11-21 06:48
Severity ?
Summary
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | zxhn_f680_firmware | 6.0.10p3n20 | |
| zte | zxhn_f680 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxhn_f680_firmware:6.0.10p3n20:*:*:*:*:*:*:*",
"matchCriteriaId": "B924E7AE-3CDD-43B6-A38E-45980CDAFDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxhn_f680:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4E706E-CAB7-4700-9F70-4CBFDA024D6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de tipo XSS almacenada en el producto ZTE home gateway. Un atacante podr\u00eda modificar el nombre de la pasarela al insertar caracteres especiales y desencadenar un ataque de tipo XSS cuando el usuario visualiza la topolog\u00eda actual del dispositivo mediante la p\u00e1gina de administraci\u00f3n"
}
],
"id": "CVE-2022-23136",
"lastModified": "2024-11-21T06:48:04.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-30T16:15:11.400",
"references": [
{
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084"
}
],
"sourceIdentifier": "psirt@zte.com.cn",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-23136 (GCVE-0-2022-23136)
Vulnerability from cvelistv5 – Published: 2022-03-30 16:01 – Updated: 2024-08-03 03:36
VLAI?
Summary
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
Severity ?
No CVSS data available.
CWE
- stored XSS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:19.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXHN F680",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V6.0.10P3N20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "stored XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T16:01:59",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2022-23136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXHN F680",
"version": {
"version_data": [
{
"version_value": "V6.0.10P3N20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2022-23136",
"datePublished": "2022-03-30T16:01:59",
"dateReserved": "2022-01-11T00:00:00",
"dateUpdated": "2024-08-03T03:36:19.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23136 (GCVE-0-2022-23136)
Vulnerability from nvd – Published: 2022-03-30 16:01 – Updated: 2024-08-03 03:36
VLAI?
Summary
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
Severity ?
No CVSS data available.
CWE
- stored XSS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:19.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXHN F680",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V6.0.10P3N20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "stored XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T16:01:59",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2022-23136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXHN F680",
"version": {
"version_data": [
{
"version_value": "V6.0.10P3N20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2022-23136",
"datePublished": "2022-03-30T16:01:59",
"dateReserved": "2022-01-11T00:00:00",
"dateUpdated": "2024-08-03T03:36:19.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}