Описание
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 2018.04.18-linux_4-01-601cb47 (включая)
Одновременно
cpe:2.3:o:martem:telem-gwm_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:martem:telem-gwm:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 2018.04.18-linux_4-01-601cb47 (включая)
Одновременно
cpe:2.3:o:martem:telem-gw6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:martem:telem-gw6:-:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00449
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges.
EPSS
Процентиль: 63%
0.00449
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79