Cross-Site Scripting Vulnerability in Netis DL4323 Devices
CVE-2019-20073

6.1MEDIUM

Key Information:

Vendor

Netis-systems

Status
Dl4343 Firmware
Vendor
CVE Published:
30 December 2019

What is CVE-2019-20073?

Netis DL4323 devices are susceptible to a Cross-Site Scripting (XSS) flaw via the username parameter in the form2userconfig.cgi file. This vulnerability can lead to unauthorized actions performed on behalf of users, exposing them to potentially harmful scripts and compromising the integrity of user data. Proper input validation and sanitization measures are essential to mitigate such risks and enhance the security posture of affected devices.

References

https://drive.google.com/open?id=1puObYuPWktesaVW1SO8uvSr...
x_refsource_MISC
https://drive.google.com/open?id=1CxLrSKAczEZpm_7FERIrCGG...
x_refsource_MISC
https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-us...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-20073 : Cross-Site Scripting Vulnerability in Netis DL4323 Devices