CVE-2023-49260

An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. It can be used together with the vulnerability CVE-2023-49255.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hongdian:h8951-4g-esp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hongdian:h8951-4g-esp:-:*:*:*:*:*:*:*

History

18 Jan 2024, 20:22

Type Values Removed Values Added
CPE cpe:2.3:o:hongdian:h8951-4g-esp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hongdian:h8951-4g-esp:-:*:*:*:*:*:*:*
References () https://cert.pl/en/posts/2024/01/CVE-2023-49253/ - () https://cert.pl/en/posts/2024/01/CVE-2023-49253/ - Third Party Advisory
References () https://cert.pl/posts/2024/01/CVE-2023-49253/ - () https://cert.pl/posts/2024/01/CVE-2023-49253/ - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CWE CWE-79
First Time Hongdian h8951-4g-esp
Hongdian
Hongdian h8951-4g-esp Firmware

12 Jan 2024, 15:54

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-12 15:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-49260

Mitre link : CVE-2023-49260

CVE.ORG link : CVE-2023-49260


JSON object : View

Products Affected

hongdian

  • h8951-4g-esp_firmware
  • h8951-4g-esp
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')