Details of VAR-201907-1715

ID

VAR-201907-1715

CVE

CVE-2019-13491

TITLE

Tenda D301 cross-site scripting vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-35173 // CNNVD: CNNVD-201907-713

DESCRIPTION

Tenda D301 is a wireless router from China Tenda. There is a cross-site scripting vulnerability in Tenda D301 v2. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code.

Trust: 0.6

sources: CNVD: CNVD-2020-35173

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-35173

AFFECTED PRODUCTS

vendor:

tenda

model:

d301

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2020-35173

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-35173
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201907-713
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2020-35173
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-35173 // CNNVD: CNNVD-201907-713

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-713

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201907-713

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13491	Trust: 1.2
db:	EXPLOIT-DB	id:	47107	Trust: 1.2
db:	CNVD	id:	CNVD-2020-35173	Trust: 0.6
db:	CNNVD	id:	CNNVD-201907-713	Trust: 0.6

sources: CNVD: CNVD-2020-35173 // CNNVD: CNNVD-201907-713

REFERENCES

url:

https://www.exploit-db.com/exploits/47107

Trust: 1.2

sources: CNVD: CNVD-2020-35173 // CNNVD: CNNVD-201907-713

CREDITS

ABDO10

Trust: 0.6

sources: CNNVD: CNNVD-201907-713

SOURCES

db:	CNVD	id:	CNVD-2020-35173
db:	CNNVD	id:	CNNVD-201907-713

LAST UPDATE DATE

2022-05-04T09:16:23.773000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-35173	date:	2020-06-30T00:00:00
db:	CNNVD	id:	CNNVD-201907-713	date:	2019-07-15T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-35173	date:	2020-06-30T00:00:00
db:	CNNVD	id:	CNNVD-201907-713	date:	2019-07-12T00:00:00