CVE-2019-17524 — MEDIUM (5.4)

Vulnerability Description

An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Technicolor	Tc7300.B0 Firmware	stfa.51.20
Technicolor	Tc7300.B0	-

Related Weaknesses (CWE)

CWE-79

References

https://gitlab.com/luiss/cve_repo/blob/master/CVE-2019-17523/README.mdExploitThird Party Advisory
https://www.technicolor.com/newsProduct
https://gitlab.com/luiss/cve_repo/blob/master/CVE-2019-17523/README.mdExploitThird Party Advisory
https://www.technicolor.com/newsProduct

FAQ

What is CVE-2019-17524?

CVE-2019-17524 is a vulnerability with a CVSS score of 5.4 (MEDIUM). An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a cr...

How severe is CVE-2019-17524?

CVE-2019-17524 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-17524?

Check the references section above for vendor advisories and patch information. Affected products include: Technicolor Tc7300.B0 Firmware, Technicolor Tc7300.B0.