exploitDog

CVE-2022-40844

Опубликовано: 15 нояб. 2022

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body.

Ссылки

https://boschko.ca/tenda_ac1200_router/
Exploit
Technical Description
Third Party Advisory
https://boschko.ca/tenda_ac1200_router/
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tenda:w15e_firmware:15.11.0.10\(1576\):*:*:*:*:*:*:*

cpe:2.3:h:tenda:w15e:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00264

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-v897-8cmv-r8gq

CVSS3: 5.4

github

около 3 лет назад

In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body.

EPSS

Процентиль: 50%

0.00264

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79