Calfcrusher

**Name of the Vulnerable Software and Affected Versions** Cudy LT400 version 1.13.4 **Description** The issue concerns a Cross Site Scripting (XSS) problem. It is related to the `cgi-bin/luci/admin/network/wireless/config` API endpoint, specifically via the `iface` parameter. **Recommendations** For Cudy LT400 version 1.13.4, as a temporary workaround, consider restricting access to the `cgi-bin/luci/admin/network/wireless/config` endpoint until a patch is available. Avoid using the `iface` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Cudy LT400 version 1.13.4 **Description** The issue is related to Cross Site Scripting (XSS) in the /cgi-bin/luci/admin/network/bandwidth endpoint via the `icon` parameter. This allows for potential malicious script execution. **Recommendations** For Cudy LT400 version 1.13.4, consider restricting access to the /cgi-bin/luci/admin/network/bandwidth endpoint until a patch is available. As a temporary workaround, avoid using the `icon` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.