Sign-up

ID

VAR-201705-4204


TITLE

Storage-type Cross-Site Scripting Vulnerability in Fusion Intelligent STB z84

Trust: 0.6

sources: CNVD: CNVD-2017-04101

DESCRIPTION

The integrated intelligent set-top box z84 is a set-top box product of Shenzhen Zhaoneng Xuntong Technology Co., Ltd. It is a device integrating wireless wifi and smart TV. It is a set-top box widely used by telecommunications in hotels and homes with smart TVs. The fused intelligent set-top box z84 has a stored cross-site scripting vulnerability in the background management device configuration, allowing attackers to use this vulnerability to insert malicious scripts at the input point, steal user cookies, or implement phishing attacks.

Trust: 0.6

sources: CNVD: CNVD-2017-04101

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04101

AFFECTED PRODUCTS

vendor:zhaoneng xuntongmodel:z84scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-04101

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-04101
value: LOW

Trust: 0.6

CNVD: CNVD-2017-04101
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-04101

PATCH

title:Storage-type Cross-Site Scripting Vulnerability in Fusion Intelligent STB z84url:https://www.cnvd.org.cn/patchinfo/show/91534

Trust: 0.6

sources: CNVD: CNVD-2017-04101

EXTERNAL IDS

db:CNVDid:CNVD-2017-04101

Trust: 0.6

sources: CNVD: CNVD-2017-04101

SOURCES

db:CNVDid:CNVD-2017-04101

LAST UPDATE DATE

2022-05-04T10:08:41.940000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-04101date:2019-05-07T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-04101date:2017-05-15T00:00:00