Jimson James

**Name of the Vulnerable Software and Affected Versions** Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the web interface, which allows remote attackers to inject arbitrary web script or HTML via an SMS message. This could potentially lead to unauthorized access or control of the modem. **Recommendations** For the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03, consider restricting access to the web interface until a patch is available. As a temporary workaround, avoid using the web interface to process SMS messages that may contain malicious scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.