2 matches found
CVE-2021-37373
Teradek Slice (1st generation) firmware 7.3.x and earlier is vulnerable to a Cross Site Scripting (XSS) flaw in the Friendly Name field of System Information Settings. The root cause is improper handling of input in that field, enabling an attacker to execute arbitrary code remotely. Exploitation...
CVE-2018-25155
Summary: CVE-2018-25155 affects Teradek Slice 7.3.15 with a cross-site request forgery vulnerability that lets an attacker change the administrator password without proper request validation. An attacker can lure a logged-in user to view a malicious page that auto-submits password-change requests...