Stored Cross-Site Scripting in Netis DL4323 Devices
CVE-2019-20076
6.1 MEDIUM
What is CVE-2019-20076?
Netis DL4323 devices are susceptible to a stored Cross-Site Scripting (XSS) vulnerability. It is reachable through the username parameter of the form2Ddns.cgi page, which is part of the Dynamic DNS configuration settings. An attacker could exploit this flaw by inserting potentially harmful scripts, which are stored by the device and later execute in the context of a user's session. This could lead to unauthorized actions performed without the user's consent or knowledge, creating significant security risks for network integrity.
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved