CVE-2022-45028

CVE Database · CVE-2022-45028

CVE-2022-45028

· MEDIUMModified

CVSS v3.1

6.1

EPSS

0.53%

Published

Dec 13, 2022

Modified

Apr 22, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79CWE-79

Affected Products (2)

arris · nvg443b_firmwarevulnerable

arris · nvg443b

References (4)

https://drive.google.com/file/d/1AHqvciVNMQpUoomFgtctnByewkkr24kB/view

ExploitThird Party Advisory

https://seanpesce.blogspot.com/2022/11/unauthenticated-stored-xss-in-arris.html

ExploitThird Party Advisory

https://drive.google.com/file/d/1AHqvciVNMQpUoomFgtctnByewkkr24kB/view

ExploitThird Party Advisory

https://seanpesce.blogspot.com/2022/11/unauthenticated-stored-xss-in-arris.html

ExploitThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs