User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at β/gui/terminal_tool.cgiβ in the βdataβ parameter.
[
{
"defaultStatus": "unaffected",
"product": "H8951-4G-ESP",
"vendor": "Hongdian",
"versions": [
{
"lessThan": "2310271149",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]