XSS Vulnerability in ZTE Home Gateway Product

Original release date: March 30, 2022

 

CVE ID

CVE-2022-23136

 

CVSS 3.1 Base Score

4.3 Medium (AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N)

 

Description

There is a stored XSS vulnerability in a ZTE home gateway product. An attacker could modify the gateway name by inserting special characters, which triggers an XSS attack when the user views the current topology of the device through the management page.
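
The store-then-render pattern behind this class of bug, as an added example that is not ZTE's code and not part of the advisory: a hypothetical topology renderer showing the unencoded sink beside an encoded one, plus write-side validation. All function names, the name policy and the sample data are assumptions.

```javascript
// Added illustration: hypothetical topology renderer, not ZTE firmware code.
// Stored XSS has two halves: the name is accepted on write, then emitted
// unencoded on read. The functions below cover both halves.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output encoding for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Write-side check (assumed policy): 1-32 chars of letters, digits, space, _ . -
function isValidGatewayName(name) {
  return typeof name === "string" && /^[A-Za-z0-9 _.-]{1,32}$/.test(name);
}

// Vulnerable pattern: stored name concatenated straight into markup.
function renderNodeUnsafe(node) {
  return '<div class="node" title="' + node.name + '">' + node.name + "</div>";
}

// Hardened pattern: encode at the sink even if the write path validates,
// because names stored before the fix may already be in the config.
function renderNodeSafe(node) {
  const name = escapeHtml(node.name);
  return '<div class="node" title="' + name + '">' + name + "</div>";
}

// Audit helper: list stored names that would fail the write-side policy.
function findSuspectNames(nodes) {
  return nodes.filter((n) => !isValidGatewayName(n.name)).map((n) => n.name);
}

// Constructed sample topology (not taken from a real device).
const sampleTopology = [
  { name: "Living Room AP" },
  { name: '"><script>alert(1)</script>' },
];
```

Running `findSuspectNames` over names already stored on a device shows which entries predate the write-side check and rely on encoding at render time.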

 

Affected Products and Fixes

Product Name | Affected Version | Resolved Version
ZXHN F680 | V6.0.10P3N20 | V6.0.10P1N34

 

Source

The vulnerability was found by ZTE's internal test.

 

Update Records

 March 30, 2022, initial. 

 

Version Update Method

Please contact ZTE Global Customer Support Center to obtain the upgraded version.

 

Global Customer Support Center

http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

 

ZTE PSIRT

https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
