Lucene search

[email protected]CVE-2018-7355

HistorySep 26, 2018 - 4:29 p.m.

CVE-2018-7355

2018-09-2616:29:01

CWE-79

[email protected]

web.nvd.nist.gov

zte

mf65

mf65m1

v1.0.0b05

xss

vulnerability

web security

input validation

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

47.2%

JSON

All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices.

Affected configurations

NVD

Node

ztemf65_firmwareRange≤1.0.0b05

AND

ztemf65Match-

Node

ztemf65m1_firmwareRange≤1.0.0b02

AND

ztemf65m1Match-

CPENameOperatorVersion
zte:mf65_firmwarezte mf65 firmwarele1.0.0b05

CPE	Name	Operator	Version
zte:mf65_firmware	zte mf65 firmware	le	1.0.0b05

CNA Affected

[
  {
    "product": "MF65",
    "vendor": "ZTE",
    "versions": [
      {
        "lessThanOrEqual": "V1.0.0B05",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "MF65M1",
    "vendor": "ZTE",
    "versions": [
      {
        "lessThanOrEqual": "V1.0.0B02",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]