PT-2024-13710 · Device · Device
Robert Pogorzelski · Published 2024-01-12 · Updated 2025-06-11 · CVE-2023-49253
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Device (affected versions not specified)
Description
The root user password is hardcoded into the device and cannot be changed in the user interface. Additionally, there is an issue where a user's browser may be forced to execute JavaScript and pass the authentication cookie to an attacker, leveraging an XSS vulnerability located at "/gui/terminal tool.cgi" in the data parameter.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Device