Lucene search

MitreCVE-2019-20072

HistoryDec 30, 2019 - 12:15 a.m.

CVE-2019-20072

2019-12-3000:15:11

CWE-79

mitre

web.nvd.nist.gov

netis

dl4323

xss

form2ddns

dynamic dns configuration

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

51.5%

JSON

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration).

Affected configurations

Nvd

Node

netis-systemsdl4343_firmwareMatch-

AND

netis-systemsdl4343Match-

VendorProductVersionCPE
netis-systemsdl4343_firmware-cpe:2.3:o:netis-systems:dl4343_firmware:-:*:*:*:*:*:*:*
netis-systemsdl4343-cpe:2.3:h:netis-systems:dl4343:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netis-systems	dl4343_firmware	-	cpe:2.3:o:netis-systems:dl4343_firmware:-:::::::*
netis-systems	dl4343	-	cpe:2.3:h:netis-systems:dl4343:-:::::::*

References

drive.google.com/open?id=1IGRYVci8fxic0jJJb-pAfAK1kJ4V2yGM

drive.google.com/open?id=1VPEX136-JaVDeY0JgQTqRNdMTPOhfEN7

fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-hostname-input.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

51.5%

JSON

Related for CVE-2019-20072