EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2017/Sep/13 | Exploit Mailing List Third Party Advisory |
https://blog.jameshemmings.co.uk/2017/08/24/ee-4gee-mobile-wifi-router-multiple-security-vulnerabilities-writeup | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2017-09-11 09:29
Updated : 2024-02-04 19:29
NVD link : CVE-2017-14268
Mitre link : CVE-2017-14268
CVE.ORG link : CVE-2017-14268
JSON object : View
Products Affected
ee
- 4gee_wifi_mbb_firmware
- 4gee_wifi_mbb
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')