Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN14778242/ | Third Party Advisory |
https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N | Vendor Advisory |
https://www.tandd.com/news/detail.html?id=780 | Vendor Advisory |
https://jvn.jp/en/jp/JVN14778242/ | Third Party Advisory |
https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N | Vendor Advisory |
https://www.tandd.com/news/detail.html?id=780 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
21 Nov 2024, 07:45
Type | Values Removed | Values Added |
---|---|---|
References | () https://jvn.jp/en/jp/JVN14778242/ - Third Party Advisory | |
References | () https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N - Vendor Advisory | |
References | () https://www.tandd.com/news/detail.html?id=780 - Vendor Advisory |
30 May 2023, 22:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:tandd:wdr-7:-:*:*:*:*:*:*:* cpe:2.3:o:tandd:ws-2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:especmic:rt-22bn:-:*:*:*:*:*:*:* cpe:2.3:h:especmic:rs-12n:-:*:*:*:*:*:*:* cpe:2.3:o:tandd:tr-72w_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tandd:wdr-7_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:tandd:tr-72w:-:*:*:*:*:*:*:* cpe:2.3:h:tandd:tr-71w:-:*:*:*:*:*:*:* cpe:2.3:o:especmic:rt-12n_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:especmic:teu-12n:-:*:*:*:*:*:*:* cpe:2.3:o:especmic:rs-12n_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:especmic:rt-12n:-:*:*:*:*:*:*:* cpe:2.3:h:tandd:rtr-5w:-:*:*:*:*:*:*:* cpe:2.3:h:tandd:wdr-3:-:*:*:*:*:*:*:* cpe:2.3:o:especmic:teu-12n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tandd:rtr-5w_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:tandd:ws-2:-:*:*:*:*:*:*:* cpe:2.3:o:tandd:tr-71w_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tandd:wdr-3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:especmic:rt-22bn_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CWE | CWE-79 | |
References | (MISC) https://www.tandd.com/news/detail.html?id=780 - Vendor Advisory | |
References | (MISC) https://jvn.jp/en/jp/JVN14778242/ - Third Party Advisory | |
References | (MISC) https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N - Vendor Advisory | |
First Time |
Especmic
Tandd wdr-7 Tandd Tandd rtr-5w Especmic rs-12n Especmic rs-12n Firmware Tandd ws-2 Firmware Especmic teu-12n Firmware Especmic rt-12n Firmware Tandd wdr-3 Firmware Tandd rtr-5w Firmware Tandd tr-72w Tandd wdr-3 Tandd wdr-7 Firmware Especmic teu-12n Especmic rt-22bn Tandd ws-2 Tandd tr-71w Tandd tr-71w Firmware Especmic rt-12n Especmic rt-22bn Firmware Tandd tr-72w Firmware |
Information
Published : 2023-05-23 02:15
Updated : 2024-11-21 07:45
NVD link : CVE-2023-22654
Mitre link : CVE-2023-22654
CVE.ORG link : CVE-2023-22654
JSON object : View
Products Affected
tandd
- wdr-7_firmware
- rtr-5w_firmware
- ws-2_firmware
- wdr-7
- rtr-5w
- tr-71w
- ws-2
- tr-71w_firmware
- tr-72w_firmware
- wdr-3
- tr-72w
- wdr-3_firmware
especmic
- rt-12n_firmware
- rs-12n_firmware
- rt-22bn
- teu-12n
- teu-12n_firmware
- rs-12n
- rt-22bn_firmware
- rt-12n
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')