CVE-2021-37375

Name of the Vulnerable Software and Affected Versions Teradek VidiU / VidiU Mini versions 3.0.8 and earlier

Description A Cross Site Scripting (XSS) issue allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. The product has reached End of Life and will not receive any firmware updates to address this issue.

Recommendations For versions 3.0.8 and earlier, as a temporary workaround, consider restricting access to the System Information Settings to minimize the risk of exploitation. Avoid using the Friendly Name field in System Information Settings until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.