ID

VAR-202203-1938


CVE

CVE-2022-23136


TITLE

ZTE ZXHN F680 cross-site scripting vulnerability

Trust: 1.2

sources: CNVD: CNVD-2023-99926 // CNNVD: CNNVD-202203-2543

DESCRIPTION

There is a stored XSS vulnerability in the ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page. ZTE ZXHN F680 firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. This vulnerability is caused by the lack of validation and filtering of user-provided data and of output in the gateway name.

Trust: 2.25

sources: NVD: CVE-2022-23136 // JVNDB: JVNDB-2022-007547 // CNVD: CNVD-2023-99926 // VULMON: CVE-2022-23136

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

category: ['network device'], sub_category: gateway

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2023-99926

AFFECTED PRODUCTS

vendor: zte, model: zxhn f680, scope: eq, version: 6.0.10p3n20

Trust: 1.0

vendor: zte, model: zxhn f680, scope: eq, version: -

Trust: 0.8

vendor: zte, model: zxhn f680, scope: -, version: -

Trust: 0.8

vendor: zte, model: zxhn f680, scope: eq, version: zxhn f680 firmware 6.0.10p3n20

Trust: 0.8

vendor: zte, model: zxhn f680 6.0.10p3n20, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2023-99926 // JVNDB: JVNDB-2022-007547 // NVD: CVE-2022-23136

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-23136
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-23136
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2023-99926
value: LOW

Trust: 0.6

CNNVD: CNNVD-202203-2543
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-23136
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2022-23136
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2023-99926
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-23136
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2022-23136
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-99926 // VULMON: CVE-2022-23136 // JVNDB: JVNDB-2022-007547 // CNNVD: CNNVD-202203-2543 // NVD: CVE-2022-23136

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-007547 // NVD: CVE-2022-23136

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-2543

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202203-2543

PATCH

title: Patch for ZTE ZXHN F680 cross-site scripting vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/508401

Trust: 0.6

title: ZTE ZXHN F680 Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=188171

Trust: 0.6

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: CNVD: CNVD-2023-99926 // VULMON: CVE-2022-23136 // CNNVD: CNNVD-202203-2543

EXTERNAL IDS

db: NVD, id: CVE-2022-23136

Trust: 4.0

db: ZTE, id: 1024084

Trust: 2.5

db: JVNDB, id: JVNDB-2022-007547

Trust: 0.8

db: CNVD, id: CNVD-2023-99926

Trust: 0.6

db: CS-HELP, id: SB2022051604

Trust: 0.6

db: CNNVD, id: CNNVD-202203-2543

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: VULMON, id: CVE-2022-23136

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2023-99926 // VULMON: CVE-2022-23136 // JVNDB: JVNDB-2022-007547 // CNNVD: CNNVD-202203-2543 // NVD: CVE-2022-23136

REFERENCES

url:https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1024084

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-23136

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2022051604

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-23136/

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2023-99926 // VULMON: CVE-2022-23136 // JVNDB: JVNDB-2022-007547 // CNNVD: CNNVD-202203-2543 // NVD: CVE-2022-23136

SOURCES

db: OTHER, id: -
db: CNVD, id: CNVD-2023-99926
db: VULMON, id: CVE-2022-23136
db: JVNDB, id: JVNDB-2022-007547
db: CNNVD, id: CNNVD-202203-2543
db: NVD, id: CVE-2022-23136

LAST UPDATE DATE

2025-01-30T22:35:21.289000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-99926, date: 2023-12-22T00:00:00
db: VULMON, id: CVE-2022-23136, date: 2022-04-07T00:00:00
db: JVNDB, id: JVNDB-2022-007547, date: 2023-07-18T08:32:00
db: CNNVD, id: CNNVD-202203-2543, date: 2022-05-17T00:00:00
db: NVD, id: CVE-2022-23136, date: 2024-11-21T06:48:04.630

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-99926, date: 2023-12-22T00:00:00
db: VULMON, id: CVE-2022-23136, date: 2022-03-30T00:00:00
db: JVNDB, id: JVNDB-2022-007547, date: 2023-07-18T00:00:00
db: CNNVD, id: CNNVD-202203-2543, date: 2022-03-30T00:00:00
db: NVD, id: CVE-2022-23136, date: 2022-03-30T16:15:11.400