What is CVE-2026-6999?

CVE-2026-6999 is a low-severity vulnerability in Bivocom Tr321, classified under Cross-site Scripting. CVSS score: 2.4/10. Published 2026-04-25.

How severe is CVE-2026-6999?

Low severity. CVSS v3 base score is 2.4 out of 10.

RCE in Bivocom Tr321

CVE-2026-6999

A flaw has been found in BIVOCOM TR321 21.1.1.50. Affected by this vulnerability is an unknown functionality of the component Wireless Setting. This manipulation of the argument Network Name SSID causes cross site scripting. The attack is…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (1.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.4 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N.

Affected products

Bivocom Tr321 — versions 21.1.1.50

Weakness classification (CWE)

References

cna@vuldb.com (technical-description, vdb-entry)
cna@vuldb.com (signature, permissions-required)
cna@vuldb.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-6999?: CVE-2026-6999 is a low-severity vulnerability in Bivocom Tr321, classified under Cross-site Scripting. CVSS score: 2.4/10. Published 2026-04-25.
How severe is CVE-2026-6999?: Low severity. CVSS v3 base score is 2.4 out of 10.