Cross Site Scripting Vulnerability in Teradek Slice 1st Generation Firmware
CVE-2021-37373

5.4 MEDIUM

Key Information:

Vendor: Teradek
CVE Published: 3 February 2023

What is CVE-2021-37373?

A Cross Site Scripting (XSS) vulnerability exists in the Teradek Slice 1st generation firmware (versions 7.3.x and earlier), allowing remote attackers to execute arbitrary code via the Friendly Name field within System Information Settings. This vulnerability poses significant risks, as it can facilitate unauthorized actions and data manipulation. Additionally, the vendor has indicated that the affected product has reached its end of life and will not receive further firmware updates to mitigate this issue.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
