Lucene search

[email protected]CVE-2018-9111

HistoryMay 10, 2018 - 3:29 a.m.

CVE-2018-9111

2018-05-1003:29:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2018-9111

cross site scripting

xss

foxconn femto

ap-fc4064

security vulnerability

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

24.1%

JSON

Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via the configuration of a user account. An attacker can execute arbitrary script on an unsuspecting user’s browser.

Affected configurations

NVD

Node

foxconnap-fc4064-t_firmwareMatchap_gt_b38_5.8.3lb15-w47_lte

AND

foxconnap-fc4064-tMatch-

CPENameOperatorVersion
foxconn:ap-fc4064-t_firmwarefoxconn ap-fc4064-t firmwareeqap_gt_b38_5.8.3lb15-w47_lte

CPE	Name	Operator	Version
foxconn:ap-fc4064-t_firmware	foxconn ap-fc4064-t firmware	eq	ap_gt_b38_5.8.3lb15-w47_lte

References

gist.github.com/ChuanYuan-Huang/a92b8b32980123d5fa9bf5a8299114bf

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

24.1%

JSON

Related for CVE-2018-9111

prion1 cvelist1 nvd1