CVE-2014-1612

Name of the Vulnerable Software and Affected Versions Media5 Mediatrix 4402 VoIP Gateway versions Dgw 1.1.13.186 and earlier

Description A cross-site scripting issue exists in the Web Management Interface, specifically in login.esp, allowing remote attackers to inject arbitrary web script or HTML via the username parameter.

Recommendations For Media5 Mediatrix 4402 VoIP Gateway versions Dgw 1.1.13.186 and earlier, consider disabling the login functionality in the Web Management Interface until a fix is available. Restrict access to the login.esp module to minimize the risk of exploitation. Avoid using the username parameter in the affected API endpoint until the issue is resolved.