CVE-2022-23136
MEDIUMZTE ZXHN F680 Firmware - Stored Cross-Site Scripting via Gateway Name
Title source: llmDescription
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024084
Scores
CVSS v3
5.4
EPSS
0.0035
EPSS Percentile
57.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
zte/zxhn_f680_firmware
6.0.10p3n20
Published
Mar 30, 2022
Tracked Since
Feb 18, 2026