CVE-2022-23136

There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zte:zxhn_f680_firmware:6.0.10p3n20:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxhn_f680:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:48

Type Values Removed Values Added
References () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084 - Vendor Advisory () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084 - Vendor Advisory

07 Apr 2022, 17:05

Type Values Removed Values Added
CWE CWE-79
CPE cpe:2.3:o:zte:zxhn_f680_firmware:6.0.10p3n20:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxhn_f680:-:*:*:*:*:*:*:*
References (MISC) https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084 - (MISC) https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 5.4

30 Mar 2022, 16:30

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-30 16:15

Updated : 2024-11-21 06:48


NVD link : CVE-2022-23136

Mitre link : CVE-2022-23136

CVE.ORG link : CVE-2022-23136


JSON object : View

Products Affected

zte

  • zxhn_f680_firmware
  • zxhn_f680
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')