Lucene search

[email protected]CVE-2020-23617

HistoryMay 02, 2022 - 11:15 p.m.

CVE-2020-23617

2022-05-0223:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2020-23617

cross site scripting

xss vulnerability

totolink n200re

totolink n100re

routers 2.0

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.5%

JSON

A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element.

Affected configurations

NVD

Node

totolinkn200reMatch-

AND

totolinkn200re_firmwareMatch2.0

Node

totolinkn100reMatch-

AND

totolinkn100re_firmwareMatch2.0

CPENameOperatorVersion
totolink:n200re_firmwaretotolink n200re firmwareeq2.0

CPE	Name	Operator	Version
totolink:n200re_firmware	totolink n200re firmware	eq	2.0

References

totolink.net/

gist.github.com/fuzzKitty/8ca2587213874e94e5c0aedf346c18b1

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.5%

JSON

Related for CVE-2020-23617

cnvd1 cvelist1 nvd1 prion1