exploitDog

CVE-2014-9019

Опубликовано: 20 нояб. 2014

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:h:zte:zxdsl:831cii:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00182

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-p8wm-pg92-j5jw

github

больше 3 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi.

EPSS

Процентиль: 40%

0.00182

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352