CVE-2022-42786

Published: Nov 10, 2022Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD (Secondary)

Description

Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage

Affected (17)

Wut

17 products

At Modem Emulator Firmware

Com Server ++ Firmware

Com Server 20ma Firmware

Com Server Highspeed 100basefx Firmware

Com Server Highspeed 100baselx Firmware

Com Server Highspeed 19" 1port Firmware

Com Server Highspeed 19" 4port Firmware

Com Server Highspeed Compact Firmware

Com Server Highspeed Industry Firmware

Com Server Highspeed Isolated Firmware

Com Server Highspeed Oem Firmware

Com Server Highspeed Office 1port Firmware

Com Server Highspeed Office 4port Firmware

Com Server Highspeed Poe Firmware

Com Server Highspeed Lc Firmware

Com Server Highspeed Ul Firmware

Com Server Highspeed Poe 3x Isolated Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut At Modem Emulator Firmware	Before 1.48

Running on/with	Platform Versions
Wut At Modem Emulator	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server ++ Firmware	Before 1.48

Running on/with	Platform Versions
Wut Com Server ++	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server 20ma Firmware	Before 1.48

Running on/with	Platform Versions
Wut Com Server 20ma	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed 100basefx Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed 100basefx	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed 100baselx Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed 100baselx	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed 19" 1port Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed 19" 1port	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed 19" 4port Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed 19" 4port	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Compact Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed Compact	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Industry Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed Industry	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Isolated Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed Isolated	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Oem Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed Oem	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Office 1port Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed Office 1port	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Office 4port Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed Office 4port	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Poe Firmware	Before 1.76

Running on/with	Platform Versions
Wut Com Server Highspeed Poe	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Lc Firmware	Before 1.48

Running on/with	Platform Versions
Wut Com Server Highspeed Lc	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Ul Firmware	Before 1.48

Running on/with	Platform Versions
Wut Com Server Highspeed Ul	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Wut Com Server Highspeed Poe 3x Isolated Firmware	Before 1.48

Running on/with	Platform Versions
Wut Com Server Highspeed Poe 3x Isolated	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://cert.vde.com/de/advisories/VDE-2022-043/

Source: info@cert.vde.com

Third Party Advisory

https://cert.vde.com/de/advisories/VDE-2022-043/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.