PT-2014-4257 · Media5 · Media5 Mediatrix 4402 Voip Gateway

Published

2014-01-30

Updated

2018-10-09

CVE-2014-1612

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Media5 Mediatrix 4402 VoIP Gateway versions Dgw 1.1.13.186 and earlier

Description A cross-site scripting issue exists in the Web Management Interface, specifically in login.esp, allowing remote attackers to inject arbitrary web script or HTML via the username parameter.

Recommendations For Media5 Mediatrix 4402 VoIP Gateway versions Dgw 1.1.13.186 and earlier, consider disabling the login functionality in the Web Management Interface until a fix is available. Restrict access to the login.esp module to minimize the risk of exploitation. Avoid using the username parameter in the affected API endpoint until the issue is resolved.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2014-1612

Affected Products

Media5 Mediatrix 4402 Voip Gateway

PT-2014-4257 · Media5 · Media5 Mediatrix 4402 Voip Gateway

CVE-2014-1612

Weakness Enumeration

Related Identifiers

Affected Products

References · 8