Cross Site Scripting Vulnerability in Digisol DG-HR3400 Router
CVE-2020-35262

6.1 MEDIUM

Key Information:

Vendor: Digisol

CVE Published: 6 January 2021

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2020-35262?

A Cross Site Scripting (XSS) vulnerability exists in the Digisol DG-HR3400 router, allowing attackers to execute malicious scripts via manipulated input in the Time and Date module's NTP server name and the 'Keyword' parameter in the URL Filter. This exploitation can lead to unauthorized access and manipulation of the user's environment, potentially compromising sensitive information.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability Reserved
