Lucene search

[email protected]CVE-2014-9020

HistoryNov 20, 2014 - 5:50 p.m.

CVE-2014-9020

2014-11-2017:50:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-9020

cross-site scripting

xss

zte zxdsl 831

zte zxdsl 831cii

remote attackers

html injection

web script injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.3%

JSON

Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases.

Affected configurations

NVD

Node

ztezxdsl_831Match-

ztezxdsl_831ciiMatch-

CPENameOperatorVersion
zte:zxdsl_831zte zxdsl 831eq-
zte:zxdsl_831ciizte zxdsl 831ciieq-

CPE	Name	Operator	Version
zte:zxdsl_831	zte zxdsl 831	eq	-
zte:zxdsl_831cii	zte zxdsl 831cii	eq	-

References

packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html

packetstormsecurity.com/files/129017/ZTE-ZXDSL-831-Cross-Site-Scripting.html

www.securityfocus.com/archive/1/533930/100/0/threaded

www.securityfocus.com/archive/1/533931/100/0/threaded

www.securityfocus.com/bid/70984

www.securityfocus.com/bid/70985

exchange.xforce.ibmcloud.com/vulnerabilities/98584

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.3%

JSON

Related for CVE-2014-9020

cvelist2 cve1 packetstorm2 prion2 nvd2