Cross-Site Scripting Vulnerability in NetComm Wireless G LTE Router
CVE-2018-14784

6.1MEDIUM

Key Information:

Vendor: Ics-cert
Status: Netcomm Wireless G Lte Light Industrial M2m Router (nwl-25) With Firmware 2.0.29.11 And Prior.
Vendor: CVE Published:; 10 August 2018

What is CVE-2018-14784?

The NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) is prone to multiple cross-site scripting vulnerabilities due to improper input validation. This flaw allows remote attackers to execute arbitrary code on the device, potentially leading to unauthorized access and manipulation of device settings. Devices running firmware version 2.0.29.11 and earlier are particularly at risk, emphasizing the need for updates and security best practices to mitigate associated risks.

Affected Version(s)

NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior.

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-221-02

x_refsource_MISC

http://www.securityfocus.com/bid/105053

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2018
Vulnerability Reserved
Aug 1, 2018

CVE-2018-14784 Data

JSON

Ics-cert

What is CVE-2018-14784?

Affected Version(s)

References

CVSS V3.1

Timeline