CVE-2020-8822 — MEDIUM (4.8)

Vulnerability Description

Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Digi	Transport Wr21 Firmware	5.2.2.3
Digi	Transport Wr21	-
Digi	Transport Wr44 Firmware	5.1.6.4
Digi	Transport Wr44	-

Related Weaknesses (CWE)

CWE-79

References

https://sku11army.blogspot.com/2020/02/digi-transport-stored-xss-on-wr-family.htExploitThird Party Advisory
https://sku11army.blogspot.com/2020/02/digi-transport-stored-xss-on-wr-family.htExploitThird Party Advisory

FAQ

What is CVE-2020-8822?

CVE-2020-8822 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application.

How severe is CVE-2020-8822?

CVE-2020-8822 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8822?

Check the references section above for vendor advisories and patch information. Affected products include: Digi Transport Wr21 Firmware, Digi Transport Wr21, Digi Transport Wr44 Firmware, Digi Transport Wr44.