Cross-Site Scripting Flaw in Racom's MIDGE Firmware
CVE-2021-20071

4.8MEDIUM

Key Information:

Vendor: Racom
Status: Racom Midge Firmware
Vendor: CVE Published:; 16 February 2021

What is CVE-2021-20071?

Racom's MIDGE Firmware version 4.4.40.105 has a security flaw that permits attackers to perform cross-site scripting (XSS) attacks through the sms.php dialogs. This vulnerability can potentially allow malicious users to inject harmful scripts into web pages viewed by other users, posing a significant threat to data integrity and user privacy. It is crucial for users of this firmware to address this issue promptly to safeguard their systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Racom MIDGE Firmware MIDGE Firmware 4.4.40.105

References

https://www.tenable.com/security/research/tra-2021-04

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 16, 2021
Vulnerability Reserved
Dec 17, 2020

JSON

Racom