Lucene search

[email protected]CVE-2023-49260

HistoryJan 12, 2024 - 3:15 p.m.

CVE-2023-49260

2024-01-1215:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-49260

xss attack

motd banner

terminal_tool.cgi

vulnerability

security

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

An XSS attack can be performed by changing the MOTD banner and pointing the victim to the “terminal_tool.cgi” path. It can be used together with the vulnerability CVE-2023-49255.

Affected configurations

NVD

Node

hongdianh8951-4g-esp_firmwareRange<2310271149

AND

hongdianh8951-4g-espMatch-

CPENameOperatorVersion
hongdian:h8951-4g-esp_firmwarehongdian h8951-4g-esp firmwarelt2310271149 

CPE	Name	Operator	Version
hongdian:h8951-4g-esp_firmware	hongdian h8951-4g-esp firmware	lt	2310271149

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "H8951-4G-ESP",
    "vendor": "Hongdian",
    "versions": [
      {
        "lessThan": "2310271149",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

cert.pl/en/posts/2024/01/CVE-2023-49253/

cert.pl/posts/2024/01/CVE-2023-49253/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for CVE-2023-49260

cvelist2 nvd2 prion2 cve1