CVE-2021-37374

Name of the Vulnerable Software and Affected Versions Teradek Clip all firmware versions

Description The issue allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. This is a result of a Cross Site Scripting (XSS) issue. The vendor has stated that the product has reached End of Life and will not receive any firmware updates to address this issue.

Recommendations For all firmware versions, since the product has reached End of Life and no updates will be provided, consider restricting access to the System Information Settings to minimize the risk of exploitation. As a temporary workaround, avoid using the Friendly Name field until alternative mitigation measures can be implemented. At the moment, there is no information about a newer version that contains a fix for this issue.