CVE-2014-10018

Name of the Vulnerable Software and Affected Versions Teracom T2-B-Gawv1.4U10Y-BI modem

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the essid parameter in the /webconfig/wlan/country.html/country endpoint.

Recommendations For the Teracom T2-B-Gawv1.4U10Y-BI modem, as a temporary workaround, consider restricting access to the /webconfig/wlan/country.html/country endpoint to minimize the risk of exploitation. Avoid using the essid parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.