A CVSS v3 base score of 9.6 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
ATT ROUTER RETURN CODE
In PHOENIX CONTACT TC ROUTER and TC CLOUD CLIENT prior to version 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to version 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.ĬVE-2023-3526 has been assigned to this vulnerability. CLOUD CLIENT 1101T-TX/TX: versions prior to 2.06.10.TC CLOUD CLIENT 1002-4G VZW: versions prior to 2.07.2.TC CLOUD CLIENT 1002-4G ATT: versions prior to 2.07.2.TC CLOUD CLIENT 1002-4G: versions prior to 2.07.2.TC ROUTER 3002T-4G VZW: versions prior to 2.07.2.TC ROUTER 3002T-4G ATT: versions prior to 2.07.2.TC ROUTER 3002T-4G: versions prior to 2.07.2.Phoenix contact reports that the following products are affected: Successful exploitation of this these vulnerabilities could execute code in the context of the user's browser or cause a denial of service. Vulnerabilities: Cross-site Scripting, XML Entity Expansion.
Equipment: TC ROUTER and TC CLOUD CLIENT.ATTENTION: Exploitable remotely/low attack complexity/public exploits are available.
0 kommentar(er)
