CVE-2014-0337

Name of the Vulnerable Software and Affected Versions Huawei Echo Life HG8247 routers versions prior to V100R006C00SPC127

Description A cross-site scripting (XSS) issue exists in the web interface, allowing remote attackers to inject arbitrary web script or HTML via a crafted username in an invalid TELNET connection attempt. This occurs because the username is not properly handled during the construction of the "failed log-in attempts over telnet" log view.

Recommendations For versions prior to V100R006C00SPC127, update to V100R006C00SPC127 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Avoid using the username variable in the affected log view until the issue is resolved.