cvelistv5 - cve-2015-6017

CVE-2015-6017 (GCVE-0-2015-6017)

Vulnerability from cvelistv5

Published

2015-12-31 02:00

Modified

2024-08-06 07:06

Severity ?

CWE

Summary

References

URL	Tags
cret@cert.org	http://www.securitytracker.com/id/1034552
cret@cert.org	https://www.kb.cert.org/vuls/id/870744	Third Party Advisory, US Government Resource
cret@cert.org	https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034552
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/870744	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:06:35.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034552",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034552"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R"
          },
          {
            "name": "VU#870744",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/870744"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T14:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "1034552",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034552"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R"
        },
        {
          "name": "VU#870744",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/870744"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-6017",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034552",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034552"
            },
            {
              "name": "https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R",
              "refsource": "CONFIRM",
              "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R"
            },
            {
              "name": "VU#870744",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/870744"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2015-6017",
    "datePublished": "2015-12-31T02:00:00",
    "dateReserved": "2015-08-14T00:00:00",
    "dateUpdated": "2024-08-06T07:06:35.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-6017\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2015-12-31T05:59:15.880\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de XSS en Forms/rpAuth_1 en dispositivos ZyXEL P-660HW-T1 2 con firmware ZyNOS 3.40(AXH.0) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) LoginPassword o (2) hiddenPassword.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:p-660hw-t1_v2_firmware:3.40\\\\(axh.0\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8E37EBA-A463-46CD-9D38-23C0332C9BF8\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1034552\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.kb.cert.org/vuls/id/870744\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securitytracker.com/id/1034552\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.kb.cert.org/vuls/id/870744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

cnvd-2015-06885

Vulnerability from cnvd

Title: ZyXEL P-660HW-T1跨站脚本漏洞

Description:

Zyxel P-660HW-T1是合勤（ZyXEL）科技公司的一款无线路由器产品。

使用ZyNOS V3.40(AXH.0)版本固件的ZyXEL P-660HW-T1 v2版本的/Forms/rpAuth_1页面中的‘LoginPassword’和‘hiddenPassword’参数存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意Web脚本或HTML。

Severity: 中

Patch Name: ZyXEL P-660HW-T1跨站脚本漏洞的补丁

Patch Description:

Zyxel P-660HW-T1是合勤（ZyXEL）科技公司的一款无线路由器产品。使用ZyNOS V3.40(AXH.0)版本固件的ZyXEL P-660HW-T1 v2版本的/Forms/rpAuth_1页面中的‘LoginPassword’和‘hiddenPassword’参数存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意Web脚本或HTML。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.zyxel.com/

Reference: http://www.zyxel.com/support/support_landing.shtml http://www.kb.cert.org/vuls/id/870744

Impacted products

Name
ZyXEL P-660HW-T1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-6017"
    }
  },
  "description": "Zyxel P-660HW-T1\u662f\u5408\u52e4\uff08ZyXEL\uff09\u79d1\u6280\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\n\u4f7f\u7528ZyNOS V3.40(AXH.0)\u7248\u672c\u56fa\u4ef6\u7684ZyXEL P-660HW-T1 v2\u7248\u672c\u7684/Forms/rpAuth_1\u9875\u9762\u4e2d\u7684\u2018LoginPassword\u2019\u548c\u2018hiddenPassword\u2019\u53c2\u6570\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610fWeb\u811a\u672c\u6216HTML\u3002",
  "discovererName": "ZyXEL",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.zyxel.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-06885",
  "openTime": "2015-10-27",
  "patchDescription": "Zyxel P-660HW-T1\u662f\u5408\u52e4\uff08ZyXEL\uff09\u79d1\u6280\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\u4f7f\u7528ZyNOS V3.40(AXH.0)\u7248\u672c\u56fa\u4ef6\u7684ZyXEL P-660HW-T1 v2\u7248\u672c\u7684/Forms/rpAuth_1\u9875\u9762\u4e2d\u7684\u2018LoginPassword\u2019\u548c\u2018hiddenPassword\u2019\u53c2\u6570\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610fWeb\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ZyXEL P-660HW-T1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "ZyXEL   P-660HW-T1"
  },
  "referenceLink": "http://www.zyxel.com/support/support_landing.shtml\r\nhttp://www.kb.cert.org/vuls/id/870744",
  "serverity": "\u4e2d",
  "submitTime": "2015-10-23",
  "title": "ZyXEL P-660HW-T1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

var-201512-0083

Vulnerability from variot

Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter. Several models of ZyXEL routers are vulnerable to multiple issues, including weak default passwords, command injections due to improper input validation, and cross-site scripting. ZyXEL P-660HW-T1 v2 Device firmware ZyNOS of Forms/rpAuth_1 Contains a cross-site scripting vulnerability. In addition, JVNVU#97093739 Then CWE-80 It is published as CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) http://cwe.mitre.org/data/definitions/80.htmlBy a third party (1) LoginPassword Or (2) hiddenPassword Any via parameter Web Script or HTML May be inserted. The Zyxel P-660HW-T1 is a wireless router product from ZyXEL Technology. Multiple ZyXEL Routers are prone to following security vulnerabilities: 1. An insecure default-password vulnerability 2. A command-execution vulnerability 4. A security-bypass vulnerability 5. An authorization-bypass Successful exploits allow attacker-supplied HTML and script code to run in the context of the affected browser potentially allowing attackers to steal cookie-based authentication credentials, execute arbitrary commands, to gain unauthorized access and bypass security restrictions and perform unauthorized actions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0083",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "p-660hw-t1 v2",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "zyxel",
        "version": "3.40\\(axh.0\\)"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "zyxel",
        "version": null
      },
      {
        "model": "p-660hw-t1 v2",
        "scope": null,
        "trust": 0.8,
        "vendor": "zyxel",
        "version": null
      },
      {
        "model": "zynos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "zyxel",
        "version": "3.40 (axh.0) (2007 year 3 moon 30 day )"
      },
      {
        "model": "p-660hw-t1",
        "scope": null,
        "trust": 0.6,
        "vendor": "zyxel",
        "version": null
      },
      {
        "model": "pmg5318-b20a v100aanc0b5",
        "scope": null,
        "trust": 0.3,
        "vendor": "zyxel",
        "version": null
      },
      {
        "model": "p-660hw-t1 3.40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "zyxel",
        "version": "v2"
      },
      {
        "model": "nbg-418n",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "zyxel",
        "version": "0"
      },
      {
        "model": "pmg5318-b20a 1.00 c0",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "zyxel",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#870744"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-06885"
      },
      {
        "db": "BID",
        "id": "77077"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006594"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-348"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6017"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:zyxel:p-660hw-t1_v2",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:zyxel:zynos_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006594"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Joel Land and Karn Ganeshen",
    "sources": [
      {
        "db": "BID",
        "id": "77077"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-6017",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-6017",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-06885",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-83978",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2015-6017",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-6017",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-6017",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-06885",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201510-348",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-83978",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-06885"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83978"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006594"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-348"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6017"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter. Several models of ZyXEL routers are vulnerable to multiple issues, including weak default passwords, command injections due to improper input validation, and cross-site scripting. ZyXEL P-660HW-T1 v2 Device firmware ZyNOS of Forms/rpAuth_1 Contains a cross-site scripting vulnerability. In addition, JVNVU#97093739 Then CWE-80 It is published as CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) http://cwe.mitre.org/data/definitions/80.htmlBy a third party (1) LoginPassword Or (2) hiddenPassword Any via parameter Web Script or HTML May be inserted. The Zyxel P-660HW-T1 is a wireless router product from ZyXEL Technology. Multiple ZyXEL Routers are prone to following security vulnerabilities:\n1. An insecure default-password vulnerability\n2. A command-execution vulnerability\n4. A security-bypass vulnerability\n5. An authorization-bypass\nSuccessful exploits allow attacker-supplied HTML and script code to run in the context of the affected browser potentially allowing attackers to steal cookie-based authentication credentials, execute arbitrary commands, to gain unauthorized access and bypass security restrictions and perform unauthorized actions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6017"
      },
      {
        "db": "CERT/CC",
        "id": "VU#870744"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006594"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-06885"
      },
      {
        "db": "BID",
        "id": "77077"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83978"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#870744",
        "trust": 4.2
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6017",
        "trust": 3.4
      },
      {
        "db": "SECTRACK",
        "id": "1034552",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU97093739",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006594",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-348",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-06885",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "77077",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-83978",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#870744"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-06885"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83978"
      },
      {
        "db": "BID",
        "id": "77077"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006594"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-348"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6017"
      }
    ]
  },
  "id": "VAR-201512-0083",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-06885"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83978"
      }
    ],
    "trust": 1.3363635999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-06885"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:31:02.334000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "P-660HW-T1 v2",
        "trust": 0.8,
        "url": "http://www.zyxel.com/support/SupportLandingSR.shtml?c=gb\u0026l=en\u0026kbid=MD06084\u0026md=P-660HW-T1%20v2"
      },
      {
        "title": "ZyXEL Support Center - Latest Release",
        "trust": 0.8,
        "url": "http://www.zyxel.com/support/support_landing.shtml"
      },
      {
        "title": "Patch for ZyXEL P-660HW-T1 Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/65621"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-06885"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006594"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83978"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006594"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6017"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://www.kb.cert.org/vuls/id/870744"
      },
      {
        "trust": 1.9,
        "url": "https://www.kb.cert.org/vuls/id/bluu-9zqu2r"
      },
      {
        "trust": 1.5,
        "url": "http://www.zyxel.com/support/support_landing.shtml"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1034552"
      },
      {
        "trust": 0.8,
        "url": "about vulnerability notes"
      },
      {
        "trust": 0.8,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 0.8,
        "url": "provide a vendor statement"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6017"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97093739/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6017"
      },
      {
        "trust": 0.3,
        "url": "http://www.zyxel.com/th/th/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#870744"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-06885"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83978"
      },
      {
        "db": "BID",
        "id": "77077"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006594"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-348"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6017"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#870744"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-06885"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83978"
      },
      {
        "db": "BID",
        "id": "77077"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006594"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-348"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6017"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-10-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#870744"
      },
      {
        "date": "2015-10-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-06885"
      },
      {
        "date": "2015-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-83978"
      },
      {
        "date": "2015-10-13T00:00:00",
        "db": "BID",
        "id": "77077"
      },
      {
        "date": "2016-01-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006594"
      },
      {
        "date": "2015-10-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-348"
      },
      {
        "date": "2015-12-31T05:59:15.880000",
        "db": "NVD",
        "id": "CVE-2015-6017"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-10-29T00:00:00",
        "db": "CERT/CC",
        "id": "VU#870744"
      },
      {
        "date": "2015-10-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-06885"
      },
      {
        "date": "2016-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-83978"
      },
      {
        "date": "2015-10-13T00:00:00",
        "db": "BID",
        "id": "77077"
      },
      {
        "date": "2016-01-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006594"
      },
      {
        "date": "2016-01-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-348"
      },
      {
        "date": "2024-11-21T02:34:18.300000",
        "db": "NVD",
        "id": "CVE-2015-6017"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-348"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ZyXEL P-660HW-T1 Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-06885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-348"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-348"
      }
    ],
    "trust": 0.6
  }
}

gsd-2015-6017

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-6017

Aliases

CVE-2015-6017

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-6017",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter.",
    "id": "GSD-2015-6017"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-6017"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter.",
      "id": "GSD-2015-6017",
      "modified": "2023-12-13T01:20:04.219596Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2015-6017",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1034552",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034552"
          },
          {
            "name": "https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R",
            "refsource": "CONFIRM",
            "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R"
          },
          {
            "name": "VU#870744",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/870744"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:zyxel:p-660hw-t1_v2_firmware:3.40\\(axh.0\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-6017"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#870744",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/870744"
            },
            {
              "name": "https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R"
            },
            {
              "name": "1034552",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1034552"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2016-12-07T18:17Z",
      "publishedDate": "2015-12-31T05:59Z"
    }
  }
}

fkie_cve-2015-6017

Vulnerability from fkie_nvd

Published

2015-12-31 05:59

Modified

2025-04-12 10:46

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cret@cert.org	http://www.securitytracker.com/id/1034552
cret@cert.org	https://www.kb.cert.org/vuls/id/870744	Third Party Advisory, US Government Resource
cret@cert.org	https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034552
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/870744	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	zyxel	p-660hw-t1_v2_firmware	3.40\(axh.0\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zyxel:p-660hw-t1_v2_firmware:3.40\\(axh.0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E37EBA-A463-46CD-9D38-23C0332C9BF8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en Forms/rpAuth_1 en dispositivos ZyXEL P-660HW-T1 2 con firmware ZyNOS 3.40(AXH.0) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) LoginPassword o (2) hiddenPassword."
    }
  ],
  "id": "CVE-2015-6017",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2015-12-31T05:59:15.880",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://www.securitytracker.com/id/1034552"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/870744"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034552"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/870744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-gjp7-cxjr-8j3h

Vulnerability from github

Published

2022-05-17 03:27

Modified

2022-05-17 03:27

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-6017"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-12-31T05:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter.",
  "id": "GHSA-gjp7-cxjr-8j3h",
  "modified": "2022-05-17T03:27:03Z",
  "published": "2022-05-17T03:27:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6017"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/870744"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZQU2R"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034552"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-6017 (GCVE-0-2015-6017)

Vulnerability from cvelistv5

cnvd-2015-06885

Vulnerability from cnvd

var-201512-0083

Vulnerability from variot

gsd-2015-6017

Vulnerability from gsd

fkie_cve-2015-6017

Vulnerability from fkie_nvd

ghsa-gjp7-cxjr-8j3h

Vulnerability from github

Tags

Sightings

Nomenclature