CVE-2015-4679

Name of the Vulnerable Software and Affected Versions Airties RT-210 (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the web interface. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the ddns domainame and ddns account parameters to ddns.stm are vulnerable.

Recommendations For Airties RT-210, as a temporary workaround, consider restricting access to the ddns.stm endpoint until a patch is available. Avoid using the ddns domainame and ddns account parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.