CVE-2020-23617

Published: May 2, 2022Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element.

Affected (2)

Products: Totolink: N200re Firmware, N100re Firmware

Totolink

2 products

N200re Firmware

N100re Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N200re Firmware	Version 2.0

Running on/with	Platform Versions
Totolink N200re	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink N100re Firmware	Version 2.0

Running on/with	Platform Versions
Totolink N100re	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://totolink.net/

Source: cve@mitre.org

Product

https://gist.github.com/fuzzKitty/8ca2587213874e94e5c0aedf346c18b1

Source: cve@mitre.org

Third Party Advisory

http://totolink.net/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://gist.github.com/fuzzKitty/8ca2587213874e94e5c0aedf346c18b1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.