First published: Thu Sep 05 2019
Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd (name), /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dasanzhone Znid Gpon 2426a Eu Firmware | <=s3.1.285 | |
Dasanzhone Znid Gpon 2426a Eu | | |
CVE-2019-10677 refers to multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU devices.
An attacker can exploit CVE-2019-10677 by manipulating unsanitized GET parameters to execute arbitrary JavaScript code.
CVE-2019-10677 has a severity level of 6.1 (medium).
DASAN Zhone ZNID GPON 2426A EU firmware versions up to and including S3.1.285 are affected by CVE-2019-10677.
To fix CVE-2019-10677, it is recommended to update the firmware of the DASAN Zhone ZNID GPON 2426A EU device to a version that addresses the XSS issues.