VAR-201712-0186
Vulnerability from variot - Updated: 2025-04-20 23:15The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website. The Dell2335dn and 2355dn are Dell's versatile laser printers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0186",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "2335dn",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.70.06.26_a13"
},
{
"model": "2355dn",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.70.45.34_a10"
},
{
"model": "2335dn",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.70.06.26 a13"
},
{
"model": "2355dn",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.70.45.34 a10"
},
{
"model": "2335dn",
"scope": null,
"trust": 0.6,
"vendor": "dell",
"version": null
},
{
"model": "2355dn",
"scope": null,
"trust": 0.6,
"vendor": "dell",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00309"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011311"
},
{
"db": "NVD",
"id": "CVE-2017-14386"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:dell:2335dn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dell:2355dn_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011311"
}
]
},
"cve": "CVE-2017-14386",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-14386",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-00309",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2017-14386",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-14386",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-14386",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-00309",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-446",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-14386",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00309"
},
{
"db": "VULMON",
"id": "CVE-2017-14386"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011311"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-446"
},
{
"db": "NVD",
"id": "CVE-2017-14386"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user\u0027s browser session in the context of the affected website. The Dell2335dn and 2355dn are Dell\u0027s versatile laser printers",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14386"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011311"
},
{
"db": "CNVD",
"id": "CNVD-2018-00309"
},
{
"db": "VULMON",
"id": "CVE-2017-14386"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14386",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011311",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-00309",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201709-446",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-14386",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00309"
},
{
"db": "VULMON",
"id": "CVE-2017-14386"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011311"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-446"
},
{
"db": "NVD",
"id": "CVE-2017-14386"
}
]
},
"id": "VAR-201712-0186",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00309"
}
],
"trust": 1.3708333499999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00309"
}
]
},
"last_update_date": "2025-04-20T23:15:50.172000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell 2355DN Firmware",
"trust": 0.8,
"url": "http://www.dell.com/support/home/jp/ja/jpbsd1/drivers/driversdetails?driverId=782W3"
},
{
"title": "Dell 2335DN Firmware",
"trust": 0.8,
"url": "http://www.dell.com/support/home/jp/ja/jpbsd1/drivers/driversdetails?driverId=CG55V"
},
{
"title": "Patch for Dell2335dn and 2355dn Cross-Site Scripting Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/112681"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00309"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011311"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011311"
},
{
"db": "NVD",
"id": "CVE-2017-14386"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverid=cg55v"
},
{
"trust": 1.7,
"url": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverid=782w3"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14386"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14386"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00309"
},
{
"db": "VULMON",
"id": "CVE-2017-14386"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011311"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-446"
},
{
"db": "NVD",
"id": "CVE-2017-14386"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-00309"
},
{
"db": "VULMON",
"id": "CVE-2017-14386"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011311"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-446"
},
{
"db": "NVD",
"id": "CVE-2017-14386"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00309"
},
{
"date": "2017-12-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14386"
},
{
"date": "2018-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011311"
},
{
"date": "2017-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-446"
},
{
"date": "2017-12-07T19:29:00.257000",
"db": "NVD",
"id": "CVE-2017-14386"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00309"
},
{
"date": "2017-12-27T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14386"
},
{
"date": "2018-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011311"
},
{
"date": "2017-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-446"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-14386"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-446"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell 2335DN and 2355DN Multi-site laser printer firmware cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011311"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-446"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…