Skip to main content

Tdc X401gl Firmware CVE-2026-22919

LOW
Cross-site Scripting (XSS) (CWE-79)
2026-01-15 psirt@sick.de
3.8
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.8 LOW
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 15, 2026 - 13:16 nvd
LOW 3.8

DescriptionCVE.org

An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data.

AnalysisAI

An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data. [CVSS 3.8 LOW]

Technical ContextAI

Classified as CWE-79 (Cross-site Scripting (XSS)). Affects Tdc-X401Gl Firmware. An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data.

RemediationAI

Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

CVE-2026-22907 CRITICAL
9.9 Jan 15

Container management vulnerability allows authenticated users to escape to the host filesystem with read/write access. C

CVE-2026-22908 CRITICAL
9.1 Jan 15

Uploading unvalidated container images enables remote attackers with admin access to achieve full system compromise thro

CVE-2026-22909 HIGH
7.5 Jan 15

TDC X401gl devices with unpatched firmware lack proper authorization controls for critical system functions, enabling un

CVE-2026-22910 HIGH
7.5 Jan 15

TDC X401GL firmware contains hardcoded default credentials for privileged user accounts, enabling unauthenticated attack

CVE-2026-22911 MEDIUM
5.3 Jan 15

TDC X401GL firmware updates contain hardcoded password hashes for system accounts that are accessible to unauthenticated

CVE-2026-22917 MEDIUM
4.3 Jan 15

Denial of service conditions in TDC X401GL firmware can be triggered by authenticated network attackers through improper

CVE-2026-22912 MEDIUM
4.3 Jan 15

Insufficient validation of login parameters in TDC X401gl Firmware enables open redirect attacks that can redirect authe

CVE-2026-22916 MEDIUM
4.3 Jan 15

TDC X401GL firmware lacks proper authorization controls on privileged operations, allowing authenticated users to trigge

CVE-2026-22915 MEDIUM
4.3 Jan 15

Tdc X401gl Firmware contains an information disclosure vulnerability that allows authenticated attackers to access files

CVE-2026-22918 MEDIUM
4.3 Jan 15

Tdc X401gl firmware lacks clickjacking protections, allowing remote attackers to deceive users into executing unintended

CVE-2026-22913 MEDIUM
4.3 Jan 15

TDC X401GL firmware contains a reflected cross-site scripting vulnerability in URL parameter handling that allows unauth

CVE-2026-22914 MEDIUM
4.3 Jan 15

TDC X401GL devices allow authenticated users to write files to restricted locations due to insufficient access controls,

Share

CVE-2026-22919 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy