Cross-Site Scripting Vulnerability in Tenda AC6 AC1200 Smart Dual-Band WiFi Router
CVE-2022-40010

5.4MEDIUM

Key Information:

Vendor
Tenda
Vendor
CVE Published:
26 June 2023

Summary

The Tenda AC6 AC1200 Smart Dual-Band WiFi Router version 15.03.06.50_multi features a cross-site scripting vulnerability that can be exploited through the 'deviceId' parameter within the Parental Control module. This flaw could allow an attacker to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions within the user’s session.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.