Description
Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the "failed log-in attempts over telnet" log view.
References (1)
Core 1
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/917700
Scores
EPSS
0.0041
EPSS Percentile
61.3%
Details
CWE
CWE-79
Status
published
Products (2)
huawei/echo_life
hg8247
huawei/echo_life_hg8247_firmware
v1r006c00s120
Published
Apr 05, 2014
Tracked Since
Feb 18, 2026