PT-2023-12313 · Teradek · Bond 2+2
Published
2023-02-03
·
Updated
2024-08-04
·
CVE-2021-37376
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Teradek Bond, Bond 2 and Bond Pro versions 7.3.x and earlier
Description
A Cross Site Scripting (XSS) issue allows remote attackers to run arbitrary code via the
Friendly Name field in System Information Settings. The vendor states that the product has reached End of Life and will not receive any firmware updates to address this issue.Recommendations
For versions 7.3.x and earlier, consider disabling the
Friendly Name field in System Information Settings to minimize the risk of exploitation, as no firmware updates will be provided to address this issue.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bond 2
Bond Pro
Teradek Bond