CVE-2018-20326
Published 2019-01-02
CVE-2018-20326: ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter.
Priority P3 · 40 · medium · 6.1 CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS 4.82% · 90.9th percentile
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chinamobile | gpn2.4p21-c-cn_firmware | — | — |
| gnome | gthumb | >= 0 < 3:3.4.3-1ubuntu0.1~esm1 | 3:3.4.3-1ubuntu0.1~esm1 |
| gnome | gthumb | >= 0 < 3:3.6.1-1ubuntu0.1~esm1 | 3:3.6.1-1ubuntu0.1~esm1 |
CVSS provenance
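| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 7.8 | HIGH | — |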
OSV
gThumb vulnerabilities
osv·2022-10-14·CVSS 7.8
CVE-2018-18718 gThumb vulnerabilities
It was discovered that gThumb did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause gThumb to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-18718)
It was discovered that gThumb did not properly manage memory when processing certain image files. If a user were tricked into opening a specially crafted JPEG file, an attacker could possibly use this issue to cause gThumb to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-20326)
It was discovered that gThumb did not properly handle certain malformed image files. If a user were tricked into opening a specially crafted JPEG file, an attacker could possibly use this issue to cause gTh
GHSA
GHSA-92g8-6cxf-frq7: ChinaMobile PLC Wireless Router GPN2
ghsa_unreviewed·2022-05-14
CVE-2018-20326 [MEDIUM] CWE-79 GHSA-92g8-6cxf-frq7: ChinaMobile PLC Wireless Router GPN2
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/150918/PLC-Wireless-Router-GPN2.4P21-C-CN-Cross-Site-Scripting.html
https://0dayfindings.home.blog/2018/12/26/plc-wireless-router-gpn2-4p21-c-cn-reflected-xss/
https://www.exploit-db.com/exploits/46081/
https://youtu.be/TwNi05yfQks
Published 2019-01-02