CVE-2020-23617
moderate-risk
Published 2022-05-02
A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element.
Do I need to act?
-
0.21% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10
Medium
NETWORK
/ LOW complexity
Affected Products (2)
Affected Vendors
References (4)
Product
http://totolink.net/
Third Party Advisory
https://gist.github.com/fuzzKitty/8ca2587213874e94e5c0aedf346c18b1
Product
http://totolink.net/
Third Party Advisory
https://gist.github.com/fuzzKitty/8ca2587213874e94e5c0aedf346c18b1
31
/ 100
moderate-risk
Severity
23/34 · High
Exploitability
1/34 · Minimal
Exposure
7/34 · Low