CVE-2018-5071

Name of the Vulnerable Software and Affected Versions Cobham Sea Tel 116 build 222429

Description A persistent XSS issue exists in the web server of the affected device, allowing remote attackers to inject malicious JavaScript code. This can be achieved through the device's TELNET shell using built-in commands, such as the set ship name command. The issue bears resemblance to a Cross Protocol Injection with SNMP.

Recommendations For Cobham Sea Tel 116 build 222429, consider disabling the TELNET shell or restricting access to it as a temporary workaround until a patch is available. Avoid using the set ship name command and other potentially vulnerable built-in commands in the TELNET shell to minimize the risk of exploitation.