Nu11By73

**Name of the Vulnerable Software and Affected Versions** Vonage VDV-23 115 version 3.2.11-0.9.40 **Description** The issue occurs when a long string of characters is sent in the `loginPassword` and/or `loginUsername` field to the "goform/login" endpoint, causing the router to reboot. **Recommendations** For version 3.2.11-0.9.40, as a temporary workaround, consider restricting access to the "goform/login" endpoint until a patch is available. Avoid using long strings in the `loginUsername` and `loginPassword` fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Arris TG1682G devices with Comcast TG1682 2.0s7 PRODse 10.0.59.SIP.PC20.CT software **Description** The issue allows Unauthenticated Stored XSS via the `actionHandler/ajax managed services.php` service parameter. This affects Arris TG1682G devices. **Recommendations** For Arris TG1682G devices with Comcast TG1682 2.0s7 PRODse 10.0.59.SIP.PC20.CT software, consider restricting access to the `actionHandler/ajax managed services.php` service parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vonage VDV-23 115 versions 3.2.11-0.9.40 **Description** The issue concerns stored XSS that can be triggered via the `NewKeyword` or `NewDomain` field to the "/goform/RgParentalBasic" API endpoint. **Recommendations** For Vonage VDV-23 115 versions 3.2.11-0.9.40, as a temporary workaround, consider restricting access to the "/goform/RgParentalBasic" API endpoint until a patch is available. Avoid using the `NewKeyword` or `NewDomain` fields in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.