MEDIUM · 4.8

CVE-2019-3414

Vulnerability Description

All versions of the ZTE OTCP product up to V1.19.20.02 are impacted by an XSS vulnerability. When an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, malicious script code could be transmitted in the parameter. If the front end does not properly process the result returned from the interface, the malicious script may be executed and the user's cookie or other important information may be stolen.

CVSS Score

4.8

MEDIUM

CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: LOW
Integrity: LOW
Availability: NONE

Affected Products

Vendor | Product | Versions
Zte | Otcp Firmware | <= 1.19.20.02
Zte | Otcp | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2019-3414?

CVE-2019-3414 is a vulnerability with a CVSS score of 4.8 (MEDIUM). All versions up to V1.19.20.02 of ZTE OTCP product are impacted by an XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation co...

How severe is CVE-2019-3414?

CVE-2019-3414 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2019-3414?

Check the references section above for vendor advisories and patch information. Affected products include: Zte Otcp Firmware, Zte Otcp.