XSS Vulnerability in Teradek Clip by Teradek
CVE-2021-37374

5.4MEDIUM

Key Information:

Vendor: Teradek
Status: Clip Firmware
Vendor: CVE Published:; 3 February 2023

What is CVE-2021-37374?

The Teradek Clip product has a Cross Site Scripting (XSS) vulnerability that exposes all firmware versions to potential exploitation. Malicious actors can execute arbitrary code through the manipulation of the Friendly Name field in the System Information Settings. Notably, Teradek has announced that this product has reached End of Life, which means it will no longer receive firmware updates to mitigate this security risk.

References

https://tbutler.org/2021/04/29/teradek-vulnerability-advi...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2023
Vulnerability Reserved
Jul 21, 2021

JSON