CVE-2018-0679
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
15/11/2018
Last modified:
31/12/2018
Description
Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page.
Impact
Base Score 3.x
4.80
Severity 3.x
MEDIUM
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:fxc:fxc5210_firmware:*:*:*:*:*:*:*:* | 1.00.22 (excluding) | |
| cpe:2.3:h:fxc:fxc5210:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fxc:fxc5218_firmware:*:*:*:*:*:*:*:* | 1.00.22 (excluding) | |
| cpe:2.3:h:fxc:fxc5218:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fxc:fxc5224_firmware:*:*:*:*:*:*:*:* | 1.00.22 (excluding) | |
| cpe:2.3:h:fxc:fxc5224:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fxc:fxc5426f_firmware:*:*:*:*:*:*:*:* | 1.00.06 (excluding) | |
| cpe:2.3:h:fxc:fxc5426f:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fxc:fxc5428_firmware:*:*:*:*:*:*:*:* | 1.00.07 (excluding) | |
| cpe:2.3:h:fxc:fxc5428:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fxc:fxc5210pe_firmware:*:*:*:*:*:*:*:* | 1.00.14 (excluding) | |
| cpe:2.3:h:fxc:fxc5210pe:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fxc:fxc5218pe_firmware:*:*:*:*:*:*:*:* | 1.00.14 (excluding) | |
| cpe:2.3:h:fxc:fxc5218pe:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fxc:fxc5224pe_firmware:*:*:*:*:*:*:*:* | 1.00.14 (excluding) |
To consult the complete list of CPE names with products and versions, see this page