Vulnerability Description
Cross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can be exploited via the NTP server name in System Time and "Keyword" in URL Filter.
CVSS Score
4.8
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Beetel | 777Vr1 Firmware | - |
| Beetel | 777Vr1 | - |
Related Weaknesses (CWE)
References
- http://beetel.comBroken Link
- https://github.com/the-girl-who-lived/CVE-2020-25498ExploitThird Party Advisory
- https://youtu.be/qeVHvmS5wtIExploitThird Party Advisory
- https://youtu.be/u_6yBIMF74AExploitThird Party Advisory
- http://beetel.comBroken Link
- https://github.com/the-girl-who-lived/CVE-2020-25498ExploitThird Party Advisory
- https://youtu.be/qeVHvmS5wtIExploitThird Party Advisory
- https://youtu.be/u_6yBIMF74AExploitThird Party Advisory
FAQ
What is CVE-2020-25498?
CVE-2020-25498 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Cross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can be exploited via the NTP server name in System Time and "Keyword" in URL Filter.
How severe is CVE-2020-25498?
CVE-2020-25498 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-25498?
Check the references section above for vendor advisories and patch information. Affected products include: Beetel 777Vr1 Firmware, Beetel 777Vr1.