Описание
Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS.
Ссылки
- ExploitVendor Advisory
- Product
- ExploitVendor Advisory
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 6.14.06 (исключая)
Одновременно
cpe:2.3:o:swisscom:centro_grande_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:swisscom:centro_grande:-:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00203
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS.
EPSS
Процентиль: 42%
0.00203
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79