CVE-2022-30903 — MEDIUM (4.8)

Vulnerability Description

Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Nokia	G-2425G-A Firmware	3fe49362ijhk42
Nokia	G-2425G-A	3fe48299deaa

Related Weaknesses (CWE)

CWE-79

References

https://medium.com/%40shubhamvpandey/xss-found-in-nokia-g-2425g-a-home-wifi-rout
https://youtu.be/CxBo_gQffOYExploitThird Party Advisory
https://medium.com/%40shubhamvpandey/xss-found-in-nokia-g-2425g-a-home-wifi-rout
https://youtu.be/CxBo_gQffOYExploitThird Party Advisory

FAQ

What is CVE-2022-30903?

CVE-2022-30903 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management.

How severe is CVE-2022-30903?

CVE-2022-30903 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-30903?

Check the references section above for vendor advisories and patch information. Affected products include: Nokia G-2425G-A Firmware, Nokia G-2425G-A.