CVE-2021-3186

low-risk
Published 2021-01-26

A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter.

Do I need to act?

-
0.34% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
49478
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Tenda

References (4)

Exploit http://packetstormsecurity.com/files/161119/Tenda-AC5-AC1200-Wireless-Cross-Site...
Exploit https://www.hackingarticles.in/exploiting-stored-cross-site-scripting-at-tenda-a...
Exploit http://packetstormsecurity.com/files/161119/Tenda-AC5-AC1200-Wireless-Cross-Site...
Exploit https://www.hackingarticles.in/exploiting-stored-cross-site-scripting-at-tenda-a...
27
/ 100
low-risk
Severity 21/34 · High
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal