XSS Vulnerability in ZTE OTCP Product
CVE-2019-3414

4.8MEDIUM

Key Information:

Vendor: Zte
Status: Otcp
Vendor: CVE Published:; 22 July 2019

What is CVE-2019-3414?

The ZTE OTCP product, up to version V1.19.20.02, is vulnerable to Cross-Site Scripting (XSS). An attacker can exploit this flaw by injecting malicious scripts through parameters in the security management interface. If the front end fails to properly sanitize the returned results, the malicious code may execute within the user's browser context, leading to potential theft of cookies or sensitive user data.

Affected Version(s)

OTCP < 1.19.20.02

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2019
Vulnerability Reserved
Dec 31, 2018

Zte

What is CVE-2019-3414?

Affected Version(s)

References

CVSS V3.1

Timeline