CVE-2021-37373

Name of the Vulnerable Software and Affected Versions Teradek Slice 1st generation firmware versions 7.3.x and earlier

Description The issue allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. This is a result of a Cross Site Scripting (XSS) vulnerability. The vendor has stated that the product has reached End of Life and will not receive any firmware updates to address this issue.

Recommendations For Teradek Slice 1st generation firmware versions 7.3.x and earlier, consider disabling the Friendly Name field in System Information Settings to minimize the risk of exploitation, as no official fix is available due to the product's End of Life status. At the moment, there is no information about a newer version that contains a fix for this vulnerability.