CVE-2018-14784

Name of the Vulnerable Software and Affected Versions NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) versions 2.0.29.11 and prior

Description The issue is related to the device's vulnerability to cross-site scripting attacks, which allows a remote attacker to run arbitrary code on the device. This is due to the lack of protection for the web page structure, enabling an attacker to execute arbitrary JavaScript code in the user's browser.

Recommendations For versions 2.0.29.11 and prior, as a temporary workaround, consider restricting access to the web interface of the device until a patch is available. Avoid using the device's web interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.