CVE-2024-6108 - OpenCVE

A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been classified as problematic. Affected is an unknown function of the file /vood/cgi-bin/vood_view.cgi?act=index&lang=EN# of the component Login. The manipulation of the argument errmsg leads to basic cross site scripting. It is possible to launch the attack remotely. VDB-268854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://vuldb.com/?ctiid.268854
https://vuldb.com/?id.268854
https://vuldb.com/?submit.353708

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2024-06-18T10:00:04.950Z

Updated: 2024-06-25T17:57:17.846Z

Reserved: 2024-06-18T05:06:31.620Z

Link: CVE-2024-6108

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-06-18T10:15:11.653

Modified: 2024-06-25T18:15:11.730

Link: CVE-2024-6108

JSON object: View

Redhat Information

No data.

CWE

CWE-80

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6108", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-06-18T05:06:31.620Z", "datePublished": "2024-06-18T10:00:04.950Z", "dateUpdated": "2024-06-25T17:57:17.846Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-06-18T10:00:04.950Z"}, "title": "Genexis Tilgin Home Gateway Login cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-80", "lang": "en", "description": "CWE-80 Basic Cross Site Scripting"}]}], "affected": [{"vendor": "Genexis", "product": "Tilgin Home Gateway", "versions": [{"version": "322_AS0500-03_05_13_05", "status": "affected"}], "modules": ["Login"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been classified as problematic. Affected is an unknown function of the file /vood/cgi-bin/vood_view.cgi?act=index&lang=EN# of the component Login. The manipulation of the argument errmsg leads to basic cross site scripting. It is possible to launch the attack remotely. VDB-268854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei /vood/cgi-bin/vood_view.cgi?act=index&lang=EN# der Komponente Login. Durch die Manipulation des Arguments errmsg mit unbekannten Daten kann eine basic cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "timeline": [{"time": "2024-06-18T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-06-18T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-06-18T07:13:46.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "The_Druk (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.268854", "name": "VDB-268854 | Genexis Tilgin Home Gateway Login cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.268854", "name": "VDB-268854 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.353708", "name": "Submit #353708 | tilgin Residential Gateway 322_AS0500-03_05_13_05 Injection", "tags": ["third-party-advisory"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-25T17:57:09.219869Z", "id": "CVE-2024-6108", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T17:57:17.846Z"}}]}}

{"descriptions": [{"lang": "en", "value": "A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been classified as problematic. Affected is an unknown function of the file /vood/cgi-bin/vood_view.cgi?act=index&lang=EN# of the component Login. The manipulation of the argument errmsg leads to basic cross site scripting. It is possible to launch the attack remotely. VDB-268854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. Ha sido clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /vood/cgi-bin/vood_view.cgi?act=index&lang=ES# del componente Login es afectada por esta funci\u00f3n. La manipulaci\u00f3n del argumento errmsg conduce a cross site scripting b\u00e1sico. Es posible lanzar el ataque de forma remota. VDB-268854 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-6108", "lastModified": "2024-06-25T18:15:11.730", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-06-18T10:15:11.653", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.268854"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.268854"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.353708"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-80"}], "source": "cna@vuldb.com", "type": "Secondary"}]}