Lucene search

K
cve[email protected]CVE-2021-37378
HistoryFeb 03, 2023 - 6:15 p.m.

CVE-2021-37378

2023-02-0318:15:13
CWE-79
web.nvd.nist.gov
13
cve-2021-37378
cross site scripting
xss
teradek cube
cube pro
firmware
vulnerability
remote code execution
nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.3%

Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.

Affected configurations

NVD
Node
teradkecube_firmwareRange7.3.07.3.19
AND
teradkecubeMatch-
Node
teradkecube_pro_firmwareRange7.3.07.3.16
AND
teradkecube_proMatch-

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.3%

Related for CVE-2021-37378