CVE-2026-3343

MEDIUM

6.1

Descricao

A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.

Detalhes CVE

Pontuacao CVSS v3.16.1

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado3/3/2026

Ultima modificacao3/4/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

watchguard:firebox_m270watchguard:firebox_m290watchguard:firebox_m295watchguard:firebox_m370watchguard:firebox_m390watchguard:firebox_m395watchguard:firebox_m440watchguard:firebox_m4600watchguard:firebox_m470watchguard:firebox_m4800watchguard:firebox_m495watchguard:firebox_m5600watchguard:firebox_m570watchguard:firebox_m5800watchguard:firebox_m590watchguard:firebox_m595watchguard:firebox_m670watchguard:firebox_m690watchguard:firebox_m695watchguard:firebox_nv5watchguard:firebox_t115-wwatchguard:firebox_t125watchguard:firebox_t125-wwatchguard:firebox_t145watchguard:firebox_t145-wwatchguard:firebox_t185watchguard:firebox_t20watchguard:firebox_t25watchguard:firebox_t40watchguard:firebox_t45watchguard:firebox_t55watchguard:firebox_t70watchguard:firebox_t80watchguard:firebox_t85watchguard:fireboxcloudwatchguard:fireboxvwatchguard:fireware

Fraquezas (CWE)

CWE-79

Referencias

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00004(5d1c2695-1a31-4499-88ae-e847036fd7e3)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.