CVE-2022-39996

Name of the Vulnerable Software and Affected Versions Teldats Router versions RS123, RS123w

Description The issue allows an attacker to execute arbitrary code via the cmdcookie parameter to the "upgrade/query.php" page. This enables the attacker to perform Cross Site Scripting attacks.

Recommendations For Teldats Router versions RS123, RS123w, consider disabling access to the "upgrade/query.php" page until a patch is available. As a temporary workaround, avoid using the cmdcookie parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.