Lucene search
HistoryNov 10, 2022 - 12:15 p.m.
CVE-2022-42786
w&t products
comserver series
xss attack
authenticated remote attacker
arbitrary web scripts
html
crafted payload
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
29.2%
Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage
Affected configurations
Node
wutat-modem-emulator_firmwareRange<1.48
wutat-modem-emulatorMatch-
Node
wutcom-server_\+\+_firmwareRange<1.48
wutcom-server_\+\+Match-
Node
wutcom-server_20ma_firmwareRange<1.48
wutcom-server_20maMatch-
Node
wutcom-server_highspeed_100basefx_firmwareRange<1.76
wutcom-server_highspeed_100basefxMatch-
Node
wutcom-server_highspeed_100baselx_firmwareRange<1.76
wutcom-server_highspeed_100baselxMatch-
Node
wutcom-server_highspeed_19\"_1port_firmwareRange<1.76
wutcom-server_highspeed_19\"_1portMatch-
Node
wutcom-server_highspeed_19\"_4port_firmwareRange<1.76
wutcom-server_highspeed_19\"_4portMatch-
Node
wutcom-server_highspeed_compact_firmwareRange<1.76
wutcom-server_highspeed_compactMatch-
Node
wutcom-server_highspeed_industry_firmwareRange<1.76
wutcom-server_highspeed_industryMatch-
Node
wutcom-server_highspeed_isolatedMatch-
wutcom-server_highspeed_isolated_firmwareRange<1.76
Node
wutcom-server_highspeed_oemMatch-
wutcom-server_highspeed_oem_firmwareRange<1.76
Node
wutcom-server_highspeed_office_1portMatch-
wutcom-server_highspeed_office_1port_firmwareRange<1.76
Node
wutcom-server_highspeed_office_4portMatch-
wutcom-server_highspeed_office_4port_firmwareRange<1.76
Node
wutcom-server_highspeed_poeMatch-
wutcom-server_highspeed_poe_firmwareRange<1.76
Node
wutcom-server_highspeed_lcMatch-
wutcom-server_highspeed_lc_firmwareRange<1.48
Node
wutcom-server_highspeed_ulMatch-
wutcom-server_highspeed_ul_firmwareRange<1.48
Node
wutcom-server_highspeed_poe_3x_isolatedMatch-
wutcom-server_highspeed_poe_3x_isolated_firmwareRange<1.48
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wut | at-modem-emulator_firmware | * | cpe:2.3:o:wut:at-modem-emulator_firmware:*:*:*:*:*:*:*:* |
| wut | at-modem-emulator | - | cpe:2.3:h:wut:at-modem-emulator:-:*:*:*:*:*:*:* |
| wut | com-server_\+\+_firmware | * | cpe:2.3:o:wut:com-server_\+\+_firmware:*:*:*:*:*:*:*:* |
| wut | com-server_\+\+ | - | cpe:2.3:h:wut:com-server_\+\+:-:*:*:*:*:*:*:* |
| wut | com-server_20ma_firmware | * | cpe:2.3:o:wut:com-server_20ma_firmware:*:*:*:*:*:*:*:* |
| wut | com-server_20ma | - | cpe:2.3:h:wut:com-server_20ma:-:*:*:*:*:*:*:* |
| wut | com-server_highspeed_100basefx_firmware | * | cpe:2.3:o:wut:com-server_highspeed_100basefx_firmware:*:*:*:*:*:*:*:* |
| wut | com-server_highspeed_100basefx | - | cpe:2.3:h:wut:com-server_highspeed_100basefx:-:*:*:*:*:*:*:* |
| wut | com-server_highspeed_100baselx_firmware | * | cpe:2.3:o:wut:com-server_highspeed_100baselx_firmware:*:*:*:*:*:*:*:* |
| wut | com-server_highspeed_100baselx | - | cpe:2.3:h:wut:com-server_highspeed_100baselx:-:*:*:*:*:*:*:* |
References
Related
cvelist
cvelist
prion
prion
Design/Logic Flaw
2022-11-10 12:15:00
cve
cve
CVE-2022-42786
2022-11-10 12:15:10
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
29.2%
Related for NVD:CVE-2022-42786