PT-2019-16566 · Zte · Zte Otcp

Published: 2019-07-22 · Updated: 2019-07-25 · CVE-2019-3414

CVSS v3.1: 4.8 (Medium)

Vector: AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: ZTE OTCP product versions prior to V1.19.20.02

Description: The issue allows an attacker to invoke security management and obtain the resources of a specified operation code owned by a user by transmitting malicious script code in a parameter. If the front end does not properly process the result returned by the interface, the malicious script may be executed, potentially leading to the theft of user cookies or other sensitive information.

Recommendations: For versions prior to V1.19.20.02, update to version V1.19.20.02 or later to resolve the issue. As a temporary workaround, consider restricting access to the security management interface to minimize the risk of exploitation. Additionally, ensure that the front end properly processes (encodes or sanitizes) results returned from the interface before rendering them, so that malicious scripts cannot execute.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2019-3414

Affected Products: Zte Otcp