First published: Wed Mar 30 2022(Updated: )
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
Credit: psirt@zte.com.cn
Affected Software | Affected Version | How to fix |
---|---|---|
Zte Zxhn F680 Firmware | =6.0.10p3n20 | |
Zte Zxhn F680 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-23136 is a stored XSS vulnerability in ZTE home gateway product.
CVE-2022-23136 allows an attacker to modify the gateway name and trigger an XSS attack when the user views the current topology of the device through the management page.
ZTE home gateway firmware version 6.0.10p3n20 is affected by CVE-2022-23136.
CVE-2022-23136 has a severity rating of 5.4 (medium).
To fix CVE-2022-23136, update the ZTE home gateway firmware to a version that is not vulnerable.