Moikano

**Name of the Vulnerable Software and Affected Versions** Thomson TCW710 version ST5D.10.05 **Description** A problematic issue has been found in the processing of the file /goform/wlanPrimaryNetwork. The manipulation of the `ServiceSetIdentifier` argument with the input ><script>alert(1)</script> as part of a POST Request leads to basic cross site scripting (Persistent). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Thomson TCW710 version ST5D.10.05, as a temporary workaround, consider restricting access to the /goform/wlanPrimaryNetwork file to minimize the risk of exploitation. Avoid using the `ServiceSetIdentifier` argument in the affected POST Request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Thomson TCW710 version ST5D.10.05 **Description** A problematic issue was found in the software, affecting an unknown function of the file /goform/RGFirewallEL. The manipulation of the argument `EmailAddress/SmtpServerName` with the input ><script>alert(1)</script> as part of a POST Request leads to cross-site scripting (Persistent). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Thomson TCW710 version ST5D.10.05, as a temporary workaround, consider restricting access to the `/goform/RGFirewallEL` file to minimize the risk of exploitation. Avoid using the `EmailAddress/SmtpServerName` argument in the affected POST Request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Thomson TCW710 version ST5D.10.05 **Description** A vulnerability has been found in an unknown functionality of the file /goform/RgTime. The manipulation of the argument `TimeServer1`, `TimeServer2`, or `TimeServer3` with the input ><script>alert(1)</script> as part of a POST Request leads to cross site scripting (Persistent). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Thomson TCW710 version ST5D.10.05, as a temporary workaround, consider restricting access to the /goform/RgTime file until a patch is available. Avoid using the arguments `TimeServer1`, `TimeServer2`, or `TimeServer3` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Thomson TCW710 version ST5D.10.05 **Description** A vulnerability was found in the file /goform/RgDdns, where the manipulation of the `DdnsHostName` argument with malicious input, such as ><script>alert(1)</script>, as part of a POST request leads to cross-site scripting (Persistent). The attack can be launched remotely. **Recommendations** For Thomson TCW710 version ST5D.10.05, as a temporary workaround, consider restricting access to the /goform/RgDdns file to minimize the risk of exploitation. Avoid using the `DdnsHostName` argument in the affected POST request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Thomson TCW710 version ST5D.10.05 **Description** A problematic issue has been identified, affecting an unknown part of the file /goform/RgDhcp. The manipulation of the `PppUserName` argument with the input ><script>alert(1)</script> as part of a POST Request leads to cross-site scripting (Persistent). This can be initiated remotely. **Recommendations** For Thomson TCW710 version ST5D.10.05, as a temporary workaround, consider restricting access to the `/goform/RgDhcp` endpoint or disabling the manipulation of the `PppUserName` argument until a patch is available. Avoid using the `PppUserName` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Thomson TCW710 version ST5D.10.05 **Description** A vulnerability was found in the file /goform/RgUrlBlock.asp, where the manipulation of the argument `BasicParentalNewKeyword` with the input ><script>alert(1)</script> as part of a POST Request leads to cross site scripting (Persistent). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Thomson TCW710 version ST5D.10.05, as a temporary workaround, consider restricting access to the /goform/RgUrlBlock.asp file until a patch is available. Avoid using the `BasicParentalNewKeyword` argument in the affected POST Request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.