CVE-2023-22971
Summary
| CVE | CVE-2023-22971 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-26 21:18:00 UTC |
| Updated | 2023-02-06 17:08:00 UTC |
| Description | Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Hughes | Hn7000s | - | All | All | All |
| Operating System | Hughes | Hn7000s Firmware | 6.9.0.37 | All | All | All |
| Hardware | Hughes | Hn9460 | - | All | All | All |
| Operating System | Hughes | Hn9460 Firmware | 8.2.0.48 | All | All | All |
| Hardware | Hughes | Hx200 | - | All | All | All |
| Operating System | Hughes | Hx200 Firmware | 8.3.1.14 | All | All | All |
| Hardware | Hughes | Hx50l | - | All | All | All |
| Operating System | Hughes | Hx50l Firmware | 6.10.0.18 | All | All | All |
| Hardware | Hughes | Hx90 | - | All | All | All |
| Operating System | Hughes | Hx90 Firmware | 6.11.0.5 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Satellite Connectivity and Managed Networks | Hughes | MISC | www.hughes.com | |
| Zero Science Lab » Hughes Satellite Router Remote File Inclusion Cross-Frame Scripting | MISC | www.zeroscience.mk | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.