PT-2023-12315 · Teradek · Teradek Cube Pro+1
Published
2023-02-03
·
Updated
2024-08-04
·
CVE-2021-37378
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Teradek Cube and Cube Pro versions 7.3.x and earlier
Description
The issue allows remote attackers to run arbitrary code via the
Friendly Name field in System Information Settings. This is a result of a Cross Site Scripting (XSS) vulnerability. The vendor has stated that the product has reached End of Life and will not receive any firmware updates to address this issue.Recommendations
For versions 7.3.x and earlier, consider disabling the
Friendly Name field in System Information Settings to minimize the risk of exploitation, as no firmware updates will be provided to address this issue.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Teradek Cube
Teradek Cube Pro