CVE-2022-38814

Name of the Vulnerable Software and Affected Versions FiberHome AN5506-02-B version vRP2521

Description A stored cross-site scripting (XSS) issue in the auth settings component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg loid text field. This enables attackers to potentially manipulate the web application's behavior.

Recommendations For FiberHome AN5506-02-B version vRP2521, consider disabling the auth settings component until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the sncfg loid text field to minimize the risk of arbitrary web script execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.