CVE-2019-18233

Name of the Vulnerable Software and Affected Versions Advantech Spectre RT Industrial Routers ERT351 versions 5.1.3 and prior

Description The issue is related to insufficient protection of the web page structure, allowing for reflected XSS attacks. This can be exploited by a remote attacker using a specially crafted URL. The affected product does not neutralize special characters in the error response, enabling attackers to perform a reflected XSS attack.

Recommendations For versions 5.1.3 and prior, consider disabling the error response feature or restricting access to the web interface until a patch is available. As a temporary workaround, avoid using special characters in URLs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.