CVE-2014-1599

Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box router with firmware NB6-MAIN-R3.3.4 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) dns, (2) dhcp, (3) nat, (4) route, or (5) lan in network/; or (6) wifi/config.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/65973
http://www.securityfocus.com/archive/1/531349/100/0/threaded

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:sfr:sfr_box_router_firmware:nb6-main-r3.3.4:*:*:*:*:*:*:*

cpe:2.3:h:sfr:sfr_box_router:-:*:*:*:*:*:*:*

Information

Published : 2014-03-09 06:16

Updated : 2018-10-09 12:42

NVD link : CVE-2014-1599

Mitre link : CVE-2014-1599

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

sfr

sfr_box_router
sfr_box_router_firmware

4.3 /10