Tdc X401gl Firmware
CVE-2026-22919
LOW
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data.
AnalysisAI
An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data. [CVSS 3.8 LOW]
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects Tdc-X401Gl Firmware. An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
More in Tdc X401gl Firmware
View allContainer management vulnerability allows authenticated users to escape to the host filesystem with read/write access. C
Uploading unvalidated container images enables remote attackers with admin access to achieve full system compromise thro
TDC X401gl devices with unpatched firmware lack proper authorization controls for critical system functions, enabling un
TDC X401GL firmware contains hardcoded default credentials for privileged user accounts, enabling unauthenticated attack
TDC X401GL firmware updates contain hardcoded password hashes for system accounts that are accessible to unauthenticated
Denial of service conditions in TDC X401GL firmware can be triggered by authenticated network attackers through improper
Insufficient validation of login parameters in TDC X401gl Firmware enables open redirect attacks that can redirect authe
TDC X401GL firmware lacks proper authorization controls on privileged operations, allowing authenticated users to trigge
Tdc X401gl Firmware contains an information disclosure vulnerability that allows authenticated attackers to access files
Tdc X401gl firmware lacks clickjacking protections, allowing remote attackers to deceive users into executing unintended
TDC X401GL firmware contains a reflected cross-site scripting vulnerability in URL parameter handling that allows unauth
TDC X401GL devices allow authenticated users to write files to restricted locations due to insufficient access controls,
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today