Vulnerability Note VU#252294
Mediatrix 4402 digital gateway web interface contains a cross-site scripting (XSS) vulnerability
Mediatrix's web management interface for the 4402 digital gateway device with firmware version Dgw 22.214.171.124, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability. (CWE-79)
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Mediatrix's web management interface for the 4402 digital gateway device with firmware version Dgw 126.96.36.199, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability. The reflected XSS is in the "username" parameter of the login page. The following is a proof-of-concept of the XSS vulnerability.
A remote unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session.
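As an added illustration (not part of this advisory and not the vendor's code), the sketch below contrasts a login page that reflects the "username" value unchanged with one that allowlists and HTML-encodes it. The form markup, the `/login` action, the username character policy and the probe string are all assumptions constructed for the example.

```python
import html
import re

# Assumption: account names are short and limited to these characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

# Hypothetical login form; the real page's markup is not in the advisory.
FORM = ('<form method="post" action="/login">'
        '<input name="username" value="{username}">'
        '<input name="password" type="password">'
        '<p class="error">{message}</p></form>')

# Constructed, inert markup probe used to show whether input is neutralized.
PROBE = '"><i>probe</i>'


def render_login_unsafe(username: str) -> str:
    """Reflected-XSS pattern: the request value is pasted into the page as-is."""
    return FORM.format(username=username,
                       message="Login failed for " + username)


def render_login_encoded(username: str) -> str:
    """Encode on output; quote=True also covers quotes inside the value attribute."""
    encoded = html.escape(username, quote=True)
    return FORM.format(username=encoded,
                       message="Login failed for " + encoded)


def render_login_safe(username: str) -> str:
    """Allowlist the value first, and never echo a rejected one."""
    if not USERNAME_RE.fullmatch(username):
        return FORM.format(username="",
                           message="Invalid user name or password")
    return render_login_encoded(username)


if __name__ == "__main__":
    for render in (render_login_unsafe, render_login_encoded, render_login_safe):
        print(render.__name__, "->", render(PROBE))
```
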
We are currently unaware of a practical solution to this problem. Please consider the following workaround.
Vendor Information

|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|media5 Corporation|Affected|14 Jan 2014|03 Feb 2014|
Thanks to Tudor Enache of Help AG Middle East for reporting this vulnerability.
This document was written by Jared Allar.
- CVE IDs: CVE-2014-1612
- Date Public: 23 Jan 2014
- Date First Published: 03 Feb 2014
- Date Last Updated: 07 Apr 2014
- Document Revision: 16