exploitDog

CVE-2014-0337

Опубликовано: 05 апр. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the "failed log-in attempts over telnet" log view.

Ссылки

http://www.kb.cert.org/vuls/id/917700
US Government Resource
http://www.kb.cert.org/vuls/id/917700
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:echo_life_hg8247_firmware:v1r006c00s120:*:*:*:*:*:*:*

cpe:2.3:h:huawei:echo_life:hg8247:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00273

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-25v3-4g35-grj3

github

около 3 лет назад

Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the "failed log-in attempts over telnet" log view.

EPSS

Процентиль: 50%

0.00273

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79