PT-2007-5664 · Siemens · Siemens Gigaset Se361 Wlan Router

Morin Josh · Published 2007-08-22 · Updated 2018-10-15 · CVE-2007-4488

CVSS v2.0

4.3 Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Siemens Gigaset SE361 WLAN router version 1.00.0

Description

The issue allows remote attackers to inject arbitrary web script or HTML via specific portions of the URI, leading to cross-site scripting (XSS) vulnerabilities. This can be achieved by manipulating the filename for a GIF file or the login.tri filename. The exploitation of the GIF filename vulnerability results in the display of the GIF file in text format and an unspecified denial of service, while the login.tri filename vulnerability triggers a continuous loop of the browser attempting to visit the login page.

Recommendations

For Siemens Gigaset SE361 WLAN router version 1.00.0, consider restricting access to the router's web interface until a patch is available. As a temporary workaround, avoid using the affected filenames, such as those for GIF files or the login.tri filename, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2007-4488

Affected Products

Siemens Gigaset Se361 Wlan Router