mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-12-13 18:34:37 +00:00
72 lines
2.6 KiB
JSON
72 lines
2.6 KiB
JSON
{
|
|
"id": "CVE-2025-26202",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2025-03-04T19:15:38.640",
|
|
"lastModified": "2025-03-05T16:15:40.130",
|
|
"vulnStatus": "Received",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz & 5GHz bands) in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an administrator views the passphrase via the \"Click here to display\" option on the Status page"
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Existe una vulnerabilidad de cross site scripting (XSS) en el campo Frase de contrase\u00f1a WPA/WAPI de la configuraci\u00f3n de seguridad inal\u00e1mbrica (bandas de 2,4 GHz y 5 GHz) en la interfaz web del enrutador DZS. Un atacante autenticado puede inyectar c\u00f3digo JavaScript malicioso en el campo de frase de contrase\u00f1a, que se almacena y se ejecuta posteriormente cuando un administrador ve la frase de contrase\u00f1a a trav\u00e9s de la opci\u00f3n \"Haga clic aqu\u00ed para visualizar\" en la p\u00e1gina de estado."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
|
|
"baseScore": 4.3,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "ADJACENT_NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 1.2,
|
|
"impactScore": 2.7
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://dzs.com",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://znid-gpon-2428b1-0st.com",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/A17-ba/CVE-2025-26202-Details",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/A17-ba/CVE-2025-26202-Details",
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
|
|
}
|
|
]
|
|
} |