Vulnerability Note VU#917700
Huawei Echo Life HG8247 optical router XSS vulnerability
Huawei Echo Life HG8247 optical router contains a stored cross-site scripting (XSS) vulnerability
It has been reported that Huawei Echo Life HG8247 optical routers running software version V1R006C00S120 or earlier contain a stored cross-site scripting (XSS) vulnerability.
An unauthenticated attacker can perform a stored cross-site scripting (XSS) attack against an authenticated user through the web interface by creating a malicious entry in the failed log-in attempts over telnet log view allowing them to run scripts with the permission of the authenticated user.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Huawei Technologies||Affected||20 Jan 2014||01 Apr 2014|
CVSS Metrics (Learn More)
Thanks to Rijnard van Tonder for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2014-0337
- Date Public: 02 Mar 2014
- Date First Published: 02 Apr 2014
- Date Last Updated: 02 Apr 2014
- Document Revision: 10
If you have feedback, comments, or additional information about this vulnerability, please send us email.