Описание
Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:chiyu-tech:bf-430_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:bf-430:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:chiyu-tech:bf-431_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:bf-431:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:chiyu-tech:bf-450m_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:chiyu-tech:bf-450m:-:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.89372
Высокий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi.
EPSS
Процентиль: 100%
0.89372
Высокий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79