Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string.
References
Link | Resource |
---|---|
https://advisories.stormshield.eu/2020-001/ | Vendor Advisory |
https://www.digitemis.com/2020/02/24/digitemis-decouvre-une-vulnerabilite-au-sein-dun-produit-stormshield-cve-2020-8430/ | Third Party Advisory |
https://www.digitemis.com/category/blog/actualite/ | Broken Link |
https://www.stormshield.com/products/sn310/ | Product Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
22 Jun 2021, 13:27
Type | Values Removed | Values Added |
---|---|---|
CPE |
26 May 2021, 15:12
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.digitemis.com/category/blog/actualite/ - Broken Link | |
References | (MISC) https://www.stormshield.com/products/sn310/ - Product, Vendor Advisory | |
CPE | cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* |
Information
Published : 2020-04-13 16:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-8430
Mitre link : CVE-2020-8430
CVE.ORG link : CVE-2020-8430
JSON object : View
Products Affected
stormshield
- stormshield_network_security
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')