CVE-2020-8430

Name of the Vulnerable Software and Affected Versions Stormshield Network Security 310 version 3.7.10

Description The issue is related to an Open Redirect vulnerability on the captive portal of the affected device. This vulnerability can be exploited by manipulating the rurl parameter in the query string of the auth/lang.html endpoint. For example, an attacker can use rurl=//example.com instead of rurl=https://example.com to redirect users to an arbitrary website.

Recommendations For Stormshield Network Security 310 version 3.7.10, as a temporary workaround, consider restricting access to the auth/lang.html endpoint until a patch is available. Avoid using the rurl parameter in the query string of the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.