CVE-2018-8062

Name of the Vulnerable Software and Affected Versions Comtrend AR-5387un version A731-410JAZ-C04 R02.A2pD035g.d23i

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service. This could potentially lead to unauthorized access or control of the device.

Recommendations For Comtrend AR-5387un version A731-410JAZ-C04 R02.A2pD035g.d23i, consider restricting access to the WAN service creation feature until a patch is available, and avoid using the Service Description parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.