CVE-2018-25035

Name of the Vulnerable Software and Affected Versions Thomson TCW710 version ST5D.10.05

Description A problematic issue was found in the software, affecting an unknown function of the file /goform/RGFirewallEL. The manipulation of the argument EmailAddress/SmtpServerName with the input > as part of a POST Request leads to cross-site scripting (Persistent). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Thomson TCW710 version ST5D.10.05, as a temporary workaround, consider restricting access to the /goform/RGFirewallEL file to minimize the risk of exploitation. Avoid using the EmailAddress/SmtpServerName argument in the affected POST Request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.