exploitDog

CVE-2014-4871

Опубликовано: 07 окт. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter.

Ссылки

http://www.kb.cert.org/vuls/id/941108
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/70253
http://www.kb.cert.org/vuls/id/941108
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/70253

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:netcommwireless:nb604n_firmware:*:*:*:*:*:*:*:*

Версия до gan5.cz56t-b-nc.au-r4b010.en (включая)

cpe:2.3:h:netcommwireless:nb604n:-:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00909

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-p92w-6px6-8hjc

github

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter.

EPSS

Процентиль: 75%

0.00909

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79