CVE-2024-32326Cross-site Scripting in Ex200 Firmware

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.2%
top 62.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Totolink Ex200 Firmware
Timeline
PublishedApr 18

Description

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:NExploitability: 2.3 | Impact: 4.0

Affected Packages1 packages

NVDtotolink/ex200_firmware4.0.3c.7646_b20201211

🔴Vulnerability Details

2
GHSA
GHSA-h3hp-g22h-899v: TOTOLINK EX200 V42024-04-18
CVEList
CVE-2024-32326: TOTOLINK EX200 V42024-04-18
CVE-2024-32326 — Cross-site Scripting in Ex200 Firmware | cvebase