CVE-2021-21799

Name of the Vulnerable Software and Affected Versions Advantech R-SeeNet version 2.4.12

Description The issue exists in the telnet form.php script functionality, allowing for cross-site scripting vulnerabilities. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability, potentially allowing for remote execution of arbitrary code.

Recommendations For Advantech R-SeeNet version 2.4.12, consider disabling the telnet form.php script functionality until a patch is available to prevent exploitation. Restrict access to the telnet form.php script to minimize the risk of arbitrary JavaScript code execution. Avoid using crafted URLs that could trigger this issue until the vulnerability is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.