RSS   Vulnerabilities for 'Zxdsl 831'   RSS

2014-11-20
 
CVE-2014-9021

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69cConnReqPwd, or (5) tr69cDebugEnable parameter to the TR-069 client page (tr69cfg.cgi); the (6) timezone parameter to the Time and date page (sntpcfg.sntp); or the (7) hostname parameter in a save action to the Quick Stats page (psilan.cgi). NOTE: this issue was SPLIT from CVE-2014-9020 per ADT1 due to different affected products and codebases.

 
 
CVE-2014-9020

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in the Quick Stats page (psilan.cgi) in ZTE ZXDSL 831 and 831CII allows remote attackers to inject arbitrary web script or HTML via the domainname parameter in a save action. NOTE: this issue was SPLIT from CVE-2014-9021 per ADT1 due to different affected products and codebases.

 

 >>> Vendor: Zteusa 7 Products
Zxhn h108l firmware
Zxdsl 831
Zxdsl 831cii
Zte blade spark firmware
Zte blade vantage firmware
Zte zmax champ firmware
Zte zmax pro firmware


Copyright 2024, cxsecurity.com

 

Back to Top