CVE-2020-26733

MEDIUM

SKYWORTH GN542VF - XSS

Title source: llm

Description

Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows authenticated attacker to inject their own script into the page via DDNS Configuration Section.

Exploits (1)

nomisec WRITEUP 1 stars

by swzhouu · poc

https://github.com/swzhouu/CVE-2020-26733

View Code ZIP pw:eip

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/swzhouu/CVE-2020-26733

Scores

CVSS v3 5.4

EPSS 0.0060

EPSS Percentile 69.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

skyworth/gn542vf_firmware 2.0.0.16

Published Jan 14, 2021

Tracked Since Feb 18, 2026