ID

VAR-201410-1422


TITLE

ZTE ZXDSL 531BII 'ntwksum2.cgi' HTML Injection Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-08203 // BID: 71005

DESCRIPTION

ZTE ZXDSL is an ADSL device. ZTE ZXDSL 531BII is a wireless modem router product from ZTE Corporation of China. ZTE ZXDSL 531BII contains an HTML injection vulnerability caused by insufficient filtering of user-submitted input. When a user browses an affected website, their browser executes arbitrary script code provided by the attacker. This could allow attackers to steal cookie-based authentication credentials and launch other attacks. The vulnerability exists in ZXDSL 531BII running V7.3.0f_D09_IN firmware; other versions may also be affected.

Trust: 1.35

sources: CNVD: CNVD-2014-08203 // CNNVD: CNNVD-201411-214 // BID: 71005

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-08203

AFFECTED PRODUCTS

vendor: zte, model: 531bii running v7.3.0f d09 in, scope: -, version: -

Trust: 0.6

vendor: zte, model: zxdsl 531bii v7.3.0f d09 in, scope: -, version: -

Trust: 0.3

sources: CNVD: CNVD-2014-08203 // BID: 71005

CVSS

SEVERITY

CNVD: CNVD-2014-08203
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2014-08203
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

-

sources: CNVD: CNVD-2014-08203

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-214

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 71005

EXTERNAL IDS

db: BID, id: 71005

Trust: 1.5

db: CNVD, id: CNVD-2014-08203

Trust: 0.6

db: CNNVD, id: CNNVD-201411-214

Trust: 0.6

sources: CNVD: CNVD-2014-08203 // BID: 71005 // CNNVD: CNNVD-201411-214

REFERENCES

url: http://www.securityfocus.com/bid/71005

Trust: 1.2

url: http://www.zte.com.cn/

Trust: 0.3

sources: CNVD: CNVD-2014-08203 // BID: 71005 // CNNVD: CNNVD-201411-214

CREDITS

Ravi Rajput

Trust: 0.9

sources: BID: 71005 // CNNVD: CNNVD-201411-214

SOURCES

db: CNVD, id: CNVD-2014-08203
db: BID, id: 71005
db: CNNVD, id: CNNVD-201411-214

LAST UPDATE DATE

2022-05-17T02:07:12.496000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-08203, date: 2014-11-12T00:00:00
db: BID, id: 71005, date: 2014-10-31T00:00:00
db: CNNVD, id: CNNVD-201411-214, date: 2014-11-15T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-08203, date: 2014-11-12T00:00:00
db: BID, id: 71005, date: 2014-10-31T00:00:00
db: CNNVD, id: CNNVD-201411-214, date: 2014-10-31T00:00:00