A vulnerability classified as problematic has been found in Dragon Path 707GR1 up to 20231022. Affected is an unknown function of the component Ping Diagnostics. The manipulation of the argument Host Address with the input >><img/src/onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-243594 is the identifier assigned to this vulnerability.
References
Link | Resource |
---|---|
https://drive.google.com/file/d/1s_NzD0Z6lMvRoo9sLXqRvYRaF7XTAYBE/view?usp=sharing | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.243594 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.243594 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
06 Nov 2023, 19:56
Type | Values Removed | Values Added |
---|---|---|
First Time |
Airtel dragon Path 707gr1 Firmware
Airtel Airtel dragon Path 707gr1 |
|
CPE | cpe:2.3:h:dragonpath:router_707gr1:-:*:*:*:*:*:*:* |
cpe:2.3:o:airtel:dragon_path_707gr1_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:airtel:dragon_path_707gr1:-:*:*:*:*:*:*:* |
06 Nov 2023, 18:31
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:dragonpath:router_707gr1_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dragonpath:router_707gr1:-:*:*:*:*:*:*:* |
|
First Time |
Dragonpath
Dragonpath router 707gr1 Dragonpath router 707gr1 Firmware |
|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
References | (MISC) https://drive.google.com/file/d/1s_NzD0Z6lMvRoo9sLXqRvYRaF7XTAYBE/view?usp=sharing - Exploit, Third Party Advisory | |
References | (MISC) https://vuldb.com/?ctiid.243594 - Permissions Required, Third Party Advisory | |
References | (MISC) https://vuldb.com/?id.243594 - Third Party Advisory |
26 Oct 2023, 17:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-26 17:15
Updated : 2024-05-17 02:33
NVD link : CVE-2023-5789
Mitre link : CVE-2023-5789
CVE.ORG link : CVE-2023-5789
JSON object : View
Products Affected
airtel
- dragon_path_707gr1
- dragon_path_707gr1_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')