CVE-2020-8430 — Open Redirect in Network Security

CWE-601 — Open Redirect3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 51.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Stormshield Network Security

Timeline

PublishedApr 13

Latest updateMay 24

Description

Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDstormshield/stormshield_network_security3.0.0 — 3.7.10+2

🔴Vulnerability Details

GHSA

GHSA-cj82-9mrm-6p3m: Stormshield Network Security 310 3↗2022-05-24

▶

CVEList

CVE-2020-8430: Stormshield Network Security 310 3↗2020-04-13

▶