Lucene search

MitreCVE-2018-5967

HistoryJan 25, 2018 - 8:29 a.m.

CVE-2018-5967

2018-01-2508:29:00

CWE-79

mitre

web.nvd.nist.gov

netis

wf2419

v2.2.36123

xss

bandwidth control rule settings

information security

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

17.5%

JSON

Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page.

Affected configurations

Nvd

Node

netis-systemswf2419_firmwareMatch2.2.36123

AND

netis-systemswf2419Match-

VendorProductVersionCPE
netis-systemswf2419_firmware2.2.36123cpe:2.3:o:netis-systems:wf2419_firmware:2.2.36123:*:*:*:*:*:*:*
netis-systemswf2419-cpe:2.3:h:netis-systems:wf2419:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netis-systems	wf2419_firmware	2.2.36123	cpe:2.3:o:netis-systems:wf2419_firmware:2.2.36123:::::::*
netis-systems	wf2419	-	cpe:2.3:h:netis-systems:wf2419:-:::::::*

References

packetstormsecurity.com/files/145513/Netis-WF2419-HTML-Injection.html

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

17.5%

JSON

Related for CVE-2018-5967