CVE Vulnerability

CVE-2018-7355

All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Vendor Advisory
https://www.exploit-db.com/exploits/46102/
Configurations

Configuration 1
Information

Published : 2018-09-26 04:29

Updated : 2019-01-10 11:29

NVD link : CVE-2018-7355

Mitre link : CVE-2018-7355

Products Affected
No products.
CWE
CWE-79