ID

VAR-201809-1172


CVE

CVE-2018-7355


TITLE

ZTE MF65 and ZTE MF65M1 Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2018-20066 // CNNVD: CNNVD-201809-1206

DESCRIPTION

All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by a cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices. ZTE MF65 and ZTE MF65M1 are both wireless network card products of China ZTE Corporation (ZTE). The vulnerability stems from a program failing to properly filter input. A remote attacker could exploit the vulnerability to corrupt the device by injecting malicious JavaScript code into the URL link.

Trust: 2.25

sources: NVD: CVE-2018-7355 // JVNDB: JVNDB-2018-010369 // CNVD: CNVD-2018-20066 // VULHUB: VHN-137387

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-20066

AFFECTED PRODUCTS

vendor: zte, model: mf65, scope: lte, version: 1.0.0b05

Trust: 1.8

vendor: zte, model: mf65m1, scope: lte, version: 1.0.0b02

Trust: 1.8

vendor: zte, model: mf65 <v1.0.0b05, scope: -, version: -

Trust: 0.6

vendor: zte, model: mf65m1 <v1.0.0b02, scope: -, version: -

Trust: 0.6

vendor: zte, model: mf65, scope: eq, version: 1.0.0b05

Trust: 0.6

vendor: zte, model: mf65m1, scope: eq, version: 1.0.0b02

Trust: 0.6

sources: CNVD: CNVD-2018-20066 // JVNDB: JVNDB-2018-010369 // CNNVD: CNNVD-201809-1206 // NVD: CVE-2018-7355

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7355
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7355
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-20066
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201809-1206
value: MEDIUM

Trust: 0.6

VULHUB: VHN-137387
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7355
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-20066
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-137387
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7355
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-20066 // VULHUB: VHN-137387 // JVNDB: JVNDB-2018-010369 // CNNVD: CNNVD-201809-1206 // NVD: CVE-2018-7355

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-137387 // JVNDB: JVNDB-2018-010369 // NVD: CVE-2018-7355

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-1206

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201809-1206

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010369

PATCH

title: Statement of Vulnerabilities in ZTE MF65 and MF65M1, url: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483

Trust: 0.8

title: Patch for ZTE MF65 and ZTE MF65M1 Cross-Site Scripting Vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/141193

Trust: 0.6

sources: CNVD: CNVD-2018-20066 // JVNDB: JVNDB-2018-010369

EXTERNAL IDS

db: NVD, id: CVE-2018-7355

Trust: 3.1

db: ZTE, id: 1009483

Trust: 2.3

db: EXPLOIT-DB, id: 46102

Trust: 1.1

db: JVNDB, id: JVNDB-2018-010369

Trust: 0.8

db: CNNVD, id: CNNVD-201809-1206

Trust: 0.7

db: CNVD, id: CNVD-2018-20066

Trust: 0.6

db: PACKETSTORM, id: 151072

Trust: 0.1

db: VULHUB, id: VHN-137387

Trust: 0.1

sources: CNVD: CNVD-2018-20066 // VULHUB: VHN-137387 // JVNDB: JVNDB-2018-010369 // CNNVD: CNNVD-201809-1206 // NVD: CVE-2018-7355

REFERENCES

url: http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1009483

Trust: 2.3

url: https://www.exploit-db.com/exploits/46102/

Trust: 1.1

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7355

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-7355

Trust: 0.8

sources: CNVD: CNVD-2018-20066 // VULHUB: VHN-137387 // JVNDB: JVNDB-2018-010369 // CNNVD: CNNVD-201809-1206 // NVD: CVE-2018-7355

SOURCES

db: CNVD, id: CNVD-2018-20066
db: VULHUB, id: VHN-137387
db: JVNDB, id: JVNDB-2018-010369
db: CNNVD, id: CNNVD-201809-1206
db: NVD, id: CVE-2018-7355

LAST UPDATE DATE

2024-11-23T22:17:18.058000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-20066, date: 2018-09-29T00:00:00
db: VULHUB, id: VHN-137387, date: 2019-01-10T00:00:00
db: JVNDB, id: JVNDB-2018-010369, date: 2018-12-13T00:00:00
db: CNNVD, id: CNNVD-201809-1206, date: 2018-09-27T00:00:00
db: NVD, id: CVE-2018-7355, date: 2024-11-21T04:12:03.540

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-20066, date: 2018-09-28T00:00:00
db: VULHUB, id: VHN-137387, date: 2018-09-26T00:00:00
db: JVNDB, id: JVNDB-2018-010369, date: 2018-12-13T00:00:00
db: CNNVD, id: CNNVD-201809-1206, date: 2018-09-27T00:00:00
db: NVD, id: CVE-2018-7355, date: 2018-09-26T16:29:01.673