Vulnerability Details CVE-2022-23136
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.2%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2022-23136
-
cpe:2.3:h:zte:zxhn_f680:-
-
cpe:2.3:o:zte:zxhn_f680_firmware:6.0.10p3n20