CVE-2019-17524

Name of the Vulnerable Software and Affected Versions Technicolor TC7300 version STFA.51.20

Description The issue allows remote attackers to inject arbitrary web script via the "Connected Clients" field to the "/wlanAccess.asp" API endpoint. This can be exploited by an intranet host using a crafted hostname.

Recommendations For version STFA.51.20, as a temporary workaround, consider restricting access to the "/wlanAccess.asp" API endpoint until a patch is available. Avoid using the Connected Clients field in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.