Cross-Site Scripting Vulnerability in Tenda AC6 AC1200 Smart Dual-Band WiFi Router
CVE-2022-40010
5.4MEDIUM
Summary
The Tenda AC6 AC1200 Smart Dual-Band WiFi Router version 15.03.06.50_multi features a cross-site scripting vulnerability that can be exploited through the 'deviceId' parameter within the Parental Control module. This flaw could allow an attacker to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions within the user’s session.
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved