CVE-2018-7355 — MEDIUM (6.1)

Q: How severe is CVE-2018-7355?

CVE-2018-7355 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-7355?

Check the references section above for vendor advisories and patch information. Affected products include: Zte Mf65 Firmware, Zte Mf65, Zte Mf65M1 Firmware, Zte Mf65M1.

Vulnerability Description

All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Zte	Mf65 Firmware	<= 1.0.0b05
Zte	Mf65	-
Zte	Mf65M1 Firmware	<= 1.0.0b02
Zte	Mf65M1	-

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2018-7355?

CVE-2018-7355 is a vulnerability with a CVSS score of 6.1 (MEDIUM). All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page gene...

How severe is CVE-2018-7355?

CVE-2018-7355 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-7355?

Check the references section above for vendor advisories and patch information. Affected products include: Zte Mf65 Firmware, Zte Mf65, Zte Mf65M1 Firmware, Zte Mf65M1.