CVE-2021-40041

{"id": "CVE-2021-40041", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.1}]}, "published": "2022-01-10T14:10:23.123", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211229-01-xss-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n product when processing network settings. Due to insufficient validation of user input, a local authenticated attacker could exploit this vulnerability by injecting special characters. Successful exploit could cause certain information disclosure. Affected product versions include: WS318n-21 10.0.2.2, 10.0.2.5 and 10.0.2.6."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-Site Scripting(XSS) en el producto HUAWEI WS318n cuando son procesados los ajustes de red. Debido a una comprobaci\u00f3n de entrada insuficiente del usuario, un atacante local autenticado podr\u00eda explotar esta vulnerabilidad al inyectar caracteres especiales. Una explotaci\u00f3n con \u00e9xito podr\u00eda causar determinada divulgaci\u00f3n de informaci\u00f3n. Las versiones del producto afectadas son: WS318n-21 10.0.2.2, 10.0.2.5 y 10.0.2.6"}], "lastModified": "2022-01-13T15:32:59.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:ws318n-21_firmware:10.0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "951E297A-36DB-4EA5-B011-CB2E7AE5E671"}, {"criteria": "cpe:2.3:o:huawei:ws318n-21_firmware:10.0.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E475C051-DE1A-4E4E-B0BB-AB900078B1CB"}, {"criteria": "cpe:2.3:o:huawei:ws318n-21_firmware:10.0.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0273D8BE-11C2-4CEC-A799-C2A4D9970472"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:ws318n-21:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "96114840-BAF9-476B-AE8D-27DCB0977CDB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}