What is CVE-2022-36325?

CVE-2022-36325 is a medium-severity vulnerability in Siemens Ruggedcom Rm1224 Lte(4g) Eu, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 6.8/10. Published 2022-08-10.

How severe is CVE-2022-36325?

Medium severity. CVSS v3 base score is 6.8 out of 10.

XSS in Siemens Ruggedcom Rm1224 Lte(4g) Eu

CVE-2022-36325

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

EPSS: 0.004 (63.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C.

Affected products

Siemens Ruggedcom Rm1224 Lte(4g) Eu — versions 0
Siemens Ruggedcom Rm1224 Lte(4g) Nam — versions 0
Siemens Scalance M804pb — versions 0
Siemens Scalance M812-1 Adsl-router — versions 0
Siemens Scalance M816-1 Adsl-router — versions 0
Siemens Scalance M826-2 Shdsl-router — versions 0
Siemens Scalance M874-2 — versions 0
Siemens Scalance M874-3 — versions 0
Siemens Scalance M876-3 — versions 0
Siemens Scalance M876-3 (Rok) — versions 0

Weakness classification (CWE)

CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

References

Frequently asked questions

What is CVE-2022-36325?: CVE-2022-36325 is a medium-severity vulnerability in Siemens Ruggedcom Rm1224 Lte(4g) Eu, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 6.8/10. Published 2022-08-10.
How severe is CVE-2022-36325?: Medium severity. CVSS v3 base score is 6.8 out of 10.