OnCell 3120-LTE-1 Series firmware version 2.3 and prior are affected by multiple vulnerabilities in an outdated version of jQuery. These vulnerabilities put your security at risk through attacks such as cross-site scripting (XSS) and prototype pollution.
The identified vulnerability types and potential impacts are listed below:
| Item | Vulnerability Type | Impact |
|---|---|---|
| 1 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79); CVE-2020-7656, CVE-2020-11022, CVE-2020-11023 (jQuery) | An attacker located remotely can insert HTML or JavaScript into the system via a web interface. |
| 2 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321); CVE-2019-11358 (jQuery) | An attacker can inject attributes that are used in other components. |

Vulnerability Scoring Details
| ID | CVSS | v3.1 Vector | Unauthenticated Remote Exploit |
|---|---|---|---|
| CVE-2019-11358 | 6.1 | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Yes |
| CVE-2020-7656 | 6.1 | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Yes |
| CVE-2020-11022 | 6.1 | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Yes |
| CVE-2020-11023 | 6.1 | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Yes |