Thomson TCW710 ST5D.10.05 /goform/RgTime TimeServer1/TimeServer2/TimeServer3 Persistent cross site scripting

InträdeHistoryjsonxmlCTI

I Thomson TCW710 ST5D.10.05 var en problematisksvag punkt finns. Som påverkar en okänd funktion filen /goform/RgTime. Manipulering av argumenten TimeServer1/TimeServer2/TimeServer3 med ingången ><script>alert(1)</script> som ett POST Request leder till en sårbarhet klass cross site scripting svag punkt. Den rådgivande finns tillgänglig för nedladdning på alquimistadesistemas.com. Denna svaga punkt är känd som CVE-2018-25036. Attacken på nätet kan. Det finns tekniska detaljer känd. Han deklarerade proof-of-concept. Den exploit kan laddas ner från alquimistadesistemas.com. Som bläst applicering av en firewall åtgärder rekommenderas. En möjlig åtgärd har utfärdats före och inte efter offentliggörandet.

Fält	04/06/2022 14:15	05/06/2023 17:11	05/06/2023 17:19
vendor	Thomson	Thomson	Thomson
name	TCW710	TCW710	TCW710
version	ST5D.10.05	ST5D.10.05	ST5D.10.05
file	/goform/RgTime	/goform/RgTime	/goform/RgTime
argument	TimeServer1/TimeServer2/TimeServer3	TimeServer1/TimeServer2/TimeServer3	TimeServer1/TimeServer2/TimeServer3
input_type	POST Request	POST Request	POST Request
input_value	><script>alert(1)</script>	><script>alert(1)</script>	><script>alert(1)</script>
risk	1	1	1
cvss2_vuldb_basescore	3.5	3.5	3.5
cvss2_vuldb_tempscore	2.7	2.7	2.7
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss3_meta_basescore	3.5	3.5	4.1
cvss3_meta_tempscore	3.0	3.0	4.0
cvss3_vuldb_basescore	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.0	3.0	3.0
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
titleword	Persistent	Persistent	Persistent
date	1518998400 (19/02/2018)	1518998400 (19/02/2018)	1518998400 (19/02/2018)
location	Website	Website	Website
type	Advisory	Advisory	Advisory
url	https://alquimistadesistemas.com/auditando-router-thomson-tcw710	https://alquimistadesistemas.com/auditando-router-thomson-tcw710	https://alquimistadesistemas.com/auditando-router-thomson-tcw710
identifier	Auditando router thomson tcw710	Auditando router thomson tcw710	Auditando router thomson tcw710
person_nickname	moikano	moikano	moikano
availability	1	1	1
date	1518998400 (19/02/2018)	1518998400 (19/02/2018)	1518998400 (19/02/2018)
publicity	1	1	1
url	https://alquimistadesistemas.com/auditando-router-thomson-tcw710	https://alquimistadesistemas.com/auditando-router-thomson-tcw710	https://alquimistadesistemas.com/auditando-router-thomson-tcw710
developer_nickname	moikano	moikano	moikano
price_0day	$0-$5k	$0-$5k	$0-$5k
name	Firewall	Firewall	Firewall
seealso	126695 126696 126698 126699 126700	126695 126696 126698 126699 126700	126695 126696 126698 126699 126700
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rl	W	W	W
cvss2_vuldb_rc	UC	UC	UC
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rl	W	W	W
cvss3_vuldb_rc	U	U	U
cvss2_vuldb_au	S	S	S
cvss3_vuldb_pr	L	L	L
cwe	80 (cross site scripting)	80 (cross site scripting)	80 (cross site scripting)
cve	CVE-2018-25036	CVE-2018-25036	CVE-2018-25036
responsible	VulDB	VulDB	VulDB
cve_assigned		1654293600 (04/06/2022)	1654293600 (04/06/2022)
cve_nvd_summary		A vulnerability has been found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/RgTime. The manipulation of the argument TimeServer1/TimeServer2/TimeServer3 with the input >alert(1) as part of POST Request leads to cross site scripting (Persistent). The attack can be launched remotely. The exploit has been disclosed to the public and may be used.	A vulnerability has been found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/RgTime. The manipulation of the argument TimeServer1/TimeServer2/TimeServer3 with the input >alert(1) as part of POST Request leads to cross site scripting (Persistent). The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			L
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss2_nvd_av			N
cvss2_nvd_ac			M
cvss2_nvd_au			S
cvss2_nvd_ci			N
cvss2_nvd_ii			P
cvss2_nvd_ai			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss2_nvd_basescore			3.5
cvss3_nvd_basescore			5.4
cvss3_cna_basescore			3.5

◂ Tidigare Översikt Nästa ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!