Technicolor TC7300 STFA.51.20 XSS Vulnerability in Connected Clients Field

Technicolor TC7300 STFA.51.20 XSS Vulnerability in Connected Clients Field

CVE-2019-17524 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this.

Learn more about our Web App Pen Testing.