CVE-2022-40846

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.3%

top 46.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tenda W15e Firmware

Timeline

PublishedNov 15

Description

In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

▶NVDtenda/w15e_firmware15.11.0.10\(1576\)

🔴Vulnerability Details

CVEList

CVE-2022-40846: In Tenda AC1200 Router model W15Ev2 V15↗2022-11-15

▶

GHSA

GHSA-899r-qc24-g3c5: In Tenda AC1200 Router model W15Ev2 V15↗2022-11-15

▶