CVE-2023-49260

CVE-2023-49260: Stored cross-site scripting vulnerability

Vendor Hongdian
Product H8951-4G-ESP
Weakness CWE-79 · XSS
Published January 12, 2024
Last update June 3, 2025

CVSS base score

What the vulnerability does

01Description

An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. It can be used together with the vulnerability CVE-2023-49255.

Key dates

02Disclosure timeline

January 12, 2024 CVE published
June 3, 2025 Record updated