CVE-2014-9020

Name of the Vulnerable Software and Affected Versions ZTE ZXDSL versions 831 and 831CII

Description A cross-site scripting (XSS) issue exists in the Quick Stats page, specifically in the psilan.cgi component, allowing remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating the domainname parameter in a save action.

Recommendations For ZTE ZXDSL versions 831 and 831CII, consider restricting access to the psilan.cgi component as a temporary workaround until a patch is available. Avoid using the domainname parameter in the affected save action to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.