Search criteria
2 vulnerabilities found for zxhn_f680_firmware by zte
CVE-2022-23136 (GCVE-0-2022-23136)
Vulnerability from nvd – Published: 2022-03-30 16:01 – Updated: 2024-08-03 03:36
VLAI
Summary
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
Severity
No CVSS data available.
CWE
- stored XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:19.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXHN F680",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V6.0.10P3N20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "stored XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T16:01:59.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2022-23136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXHN F680",
"version": {
"version_data": [
{
"version_value": "V6.0.10P3N20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2022-23136",
"datePublished": "2022-03-30T16:01:59.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:36:19.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23136 (GCVE-0-2022-23136)
Vulnerability from cvelistv5 – Published: 2022-03-30 16:01 – Updated: 2024-08-03 03:36
VLAI
Summary
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
Severity
No CVSS data available.
CWE
- stored XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:19.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXHN F680",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V6.0.10P3N20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "stored XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T16:01:59.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2022-23136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXHN F680",
"version": {
"version_data": [
{
"version_value": "V6.0.10P3N20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2022-23136",
"datePublished": "2022-03-30T16:01:59.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:36:19.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}