exploitDog

CVE-2019-17524

Опубликовано: 13 нояб. 2019

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this.

Ссылки

https://gitlab.com/luiss/cve_repo/blob/master/CVE-2019-17523/README.md
Exploit
Third Party Advisory
https://www.technicolor.com/news
Product
https://gitlab.com/luiss/cve_repo/blob/master/CVE-2019-17523/README.md
Exploit
Third Party Advisory
https://www.technicolor.com/news
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:technicolor:tc7300.b0_firmware:stfa.51.20:*:*:*:*:*:*:*

cpe:2.3:h:technicolor:tc7300.b0:-:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.0015

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-gq4x-x487-jm2q

github

больше 3 лет назад

An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this.

EPSS

Процентиль: 36%

0.0015

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79