PT-2020-12473 · Tenda · Tenda Ac15 Ac1900

Published: 2020-07-13 · Updated: 2020-07-15 · CVE-2020-10989

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Tenda AC15 AC1900 version 15.03.05.19

Description

A cross-site scripting (XSS) issue allows remote attackers to execute malicious payloads via the WifiName POST parameter of the "/goform/WifiBasicSet" endpoint.

Recommendations

For Tenda AC15 AC1900 version 15.03.05.19, avoid using the WifiName parameter in the "/goform/WifiBasicSet" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "/goform/WifiBasicSet" endpoint to minimize the risk of exploitation.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2020-10989

Affected Products

Tenda Ac15 Ac1900