CVE-2020-9022

An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS.
References
Link Resource
https://sku11army.blogspot.com/2020/01/xirrus-xirrus-wifi-xss.html Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cambiumnetworks:xh2-120_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cambiumnetworks:xh2-120:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cambiumnetworks:xr2436_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cambiumnetworks:xr2436:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:cambiumnetworks:xr520_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cambiumnetworks:xr520:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:cambiumnetworks:xr620_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cambiumnetworks:xr620:-:*:*:*:*:*:*:*

Information

Published : 2020-02-16 20:15

Updated : 2020-02-19 09:17


NVD link : CVE-2020-9022

Mitre link : CVE-2020-9022


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

cambiumnetworks

  • xr2436
  • xr520
  • xh2-120_firmware
  • xr620
  • xr520_firmware
  • xr620_firmware
  • xh2-120
  • xr2436_firmware