Description
Cross Site Scripting vulnerability in Teldats Router RS123, RS123w allows attacker to execute arbitrary code via the cmdcookie parameter to the upgrade/query.php page.
Published: 2024-08-27
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 30 Aug 2024 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Teldat rs123
Teldat rs123w
CPEs cpe:2.3:h:teldat:rs123:-:*:*:*:*:*:*:*
cpe:2.3:h:teldat:rs123w:-:*:*:*:*:*:*:*
cpe:2.3:o:teldat:rs123_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:teldat:rs123w_firmware:-:*:*:*:*:*:*:*
Vendors & Products Teldat rs123
Teldat rs123w

Wed, 28 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Teldat rs123 Firmware
Teldat rs123w Firmware
CPEs cpe:2.3:o:teldat:s_firmware:rs123:*:*:*:*:*:*:*
cpe:2.3:o:teldat:s_firmware:rs123w:*:*:*:*:*:*:*		 cpe:2.3:o:teldat:rs123_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teldat:rs123w_firmware:*:*:*:*:*:*:*:*
Vendors & Products Teldat s Firmware
Teldat rs123 Firmware
Teldat rs123w Firmware

Tue, 27 Aug 2024 21:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

 cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

Tue, 27 Aug 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Teldat
Teldat s Firmware
Weaknesses CWE-79
CPEs cpe:2.3:o:teldat:s_firmware:rs123:*:*:*:*:*:*:*
cpe:2.3:o:teldat:s_firmware:rs123w:*:*:*:*:*:*:*
Vendors & Products Teldat
Teldat s Firmware
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 Aug 2024 17:30:00 +0000

Type Values Removed Values Added
Description Cross Site Scripting vulnerability in Teldats Router RS123, RS123w allows attacker to execute arbitrary code via the cmdcookie parameter to the upgrade/query.php page.
References

Subscriptions

Teldat Rs123 Rs123 Firmware Rs123w Rs123w Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-28T13:36:11.733Z

Reserved: 2022-09-06T00:00:00.000Z

Link: CVE-2022-39996

cve-icon Vulnrichment

Updated: 2024-08-27T18:29:23.002Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-27T18:15:13.197

Modified: 2024-08-30T15:17:40.717

Link: CVE-2022-39996

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses