CVE-2023-0639

Published: Feb 2, 2023Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019.

Affected (1)

Products: Trendnet: Tew 652brp Firmware

1 product

Tew 652brp Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Trendnet Tew 652brp Firmware	Version 3.04b01

Running on/with	Platform Versions
Trendnet Tew 652brp	All versions

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://vuldb.com/?ctiid.220019

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.220019

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?ctiid.220019

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.220019

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.