Cross-Site Scripting Vulnerability in Netis DL4323 Devices
CVE-2019-20075

6.1MEDIUM

Key Information:

Vendor

Netis-systems

Status
Dl4343 Firmware
Vendor
CVE Published:
30 December 2019

What is CVE-2019-20075?

Netis DL4323 devices are susceptible to a Cross-Site Scripting (XSS) vulnerability exposed through the pingrtt_v6.html page. This vulnerability allows attackers to inject malicious scripts into web pages viewed by unsuspecting users, potentially leading to data theft, session hijacking, or the manipulation of web content. Given the nature of this vulnerability, it is crucial for users of affected devices to apply necessary patches and take precautionary measures to enhance their security posture.

References

https://drive.google.com/open?id=1SqUHaTn_dVsGv-YtvAqPOXG...
x_refsource_MISC
https://drive.google.com/open?id=1795_joGaL3QXMFeJoJPiNgB...
x_refsource_MISC
https://fatihhcelik.blogspot.com/2019/12/xss-vulnerabilit...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-20075 : Cross-Site Scripting Vulnerability in Netis DL4323 Devices