Описание
Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS.
Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-19941
- https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt
- https://www.swisscom.ch/en/residential/help/device/internet-router.html
- https://www.swisscom.ch/en/residential/help/device/internet-router/centro-grande.html
Связанные уязвимости
CVSS3: 5.4
nvd
почти 6 лет назад
Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS.