github - ghsa-4x3g-rx2f-4px7

GHSA-4X3G-RX2F-4PX7

Vulnerability from github – Published: 2023-02-02 09:30 – Updated: 2023-02-10 03:30

Details

A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019.

Severity ?

6.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-0639"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-02T09:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019.",
  "id": "GHSA-4x3g-rx2f-4px7",
  "modified": "2023-02-10T03:30:19Z",
  "published": "2023-02-02T09:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0639"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.220019"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.220019"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-0639 (GCVE-0-2023-0639)

Vulnerability from cvelistv5 – Published: 2023-02-02 08:10 – Updated: 2024-08-02 05:17

Summary

Severity ?

2.4 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

2.4 (Low)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-79 - Cross Site Scripting

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.220019	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.220019	signature

Impacted products

	Vendor	Product	Version
	TRENDnet	TEW-652BRP	Affected: 3.04b01

Credits

leetsun (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:17:50.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.220019"
          },
          {
            "tags": [
              "signature",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.220019"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Web Management Interface"
          ],
          "product": "TEW-652BRP",
          "vendor": "TRENDnet",
          "versions": [
            {
              "status": "affected",
              "version": "3.04b01"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "analyst",
          "value": "leetsun (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019."
        },
        {
          "lang": "de",
          "value": "Eine problematische Schwachstelle wurde in TRENDnet TEW-652BRP 3.04b01 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei get_set.ccp der Komponente Web Management Interface. Durch Manipulieren des Arguments nextPage mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-20T19:59:07.796Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.220019"
        },
        {
          "tags": [
            "signature"
          ],
          "url": "https://vuldb.com/?ctiid.220019"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-02-02T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-02-02T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-02-02T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-03-01T16:54:14.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TRENDnet TEW-652BRP Web Management Interface get_set.ccp cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-0639",
    "datePublished": "2023-02-02T08:10:13.488Z",
    "dateReserved": "2023-02-02T08:09:35.755Z",
    "dateUpdated": "2024-08-02T05:17:50.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-4X3G-RX2F-4PX7

CVE-2023-0639 (GCVE-0-2023-0639)

Tags

Sightings

Nomenclature