Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69cConnReqPwd, or (5) tr69cDebugEnable parameter to the TR-069 client page (tr69cfg.cgi); the (6) timezone parameter to the Time and date page (sntpcfg.sntp); or the (7) hostname parameter in a save action to the Quick Stats page (psilan.cgi). NOTE: this issue was SPLIT from CVE-2014-9020 per ADT1 due to different affected products and codebases.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZTE ZXDSL 831 跨站脚本
Vulnerability Description
ZTE ZXDSL 831是中国中兴通讯(ZTE)公司的一款ADSL调制解调器(Modem)产品。 ZTE ZXDSL 831中存在跨站脚本漏洞,该漏洞源于TR-069客户端页面(tr69cfg.cgi)没有充分过滤多个参数(tr69cAcsURL、tr69cAcsUser、tr69cAcsPwd、tr69cConnReqPwd和tr69cDebugEnable);Time and date页面(sntpcfg.sntp)没有充分过滤‘timezone’参数;Quick Stats页面(psilan.cg
CVSS Information
N/A
Vulnerability Type
N/A