Lucene search

[email protected]CVE-2020-15056

HistoryAug 07, 2020 - 10:15 p.m.

CVE-2020-15056

2020-08-0722:15:12

CWE-79

[email protected]

web.nvd.nist.gov

tp-link

tl-ps310u

usb network server

cve-2020-15056

persistent xss

network security

administrative privileges

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

AI Score

Confidence

High

2.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:S/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

12.6%

JSON

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.

Affected configurations

NVD

Node

tp-linktl-ps310u_firmwareRange<2.079.000.t0210

AND

tp-linktl-ps310uMatch-

CPENameOperatorVersion
tp-link:tl-ps310u_firmwaretp-link tl-ps310u firmwarelt2.079.000.t0210

CPE	Name	Operator	Version
tp-link:tl-ps310u_firmware	tp-link tl-ps310u firmware	lt	2.079.000.t0210

References

research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers/

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

AI Score

Confidence

High

2.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:S/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVE-2020-15056

prion1 nvd1 cvelist1