mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
923 B
923 B
CVE-2019-19941
Description
Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS.
POC
Reference
- https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt
- https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2019-19940ff.txt
Github
No PoCs found on GitHub currently.