XSS Vulnerability in TP-Link USB Network Server Products
CVE-2020-15056

4.3MEDIUM

Key Information:

Vendor: Tp-link
Status: Tl-ps310u Firmware
Vendor: CVE Published:; 7 August 2020

Summary

The TP-Link USB Network Server TL-PS310U devices prior to version 2.079.000.t0210 are susceptible to Cross-Site Scripting (XSS) vulnerabilities. Attackers connected to the same network can exploit this weakness by setting a maliciously crafted server name, which can lead to persistent XSS attacks. This vulnerability allows unauthorized users to execute arbitrary scripts in the context of the user's browser, potentially compromising sensitive information and user session. It is crucial for administrators to apply the necessary updates to mitigate such risks.

References

https://research.hisolutions.com/2020/05/critical-vulnera...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 7, 2020
Vulnerability Reserved
Jun 25, 2020