The Huawei E355 built-in web interface contains a stored cross-site scripting vulnerability.
Huawei E355 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to receive SMS messages using the connected cellular network.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A malicious attacker may be able to execute arbitrary script in the context of the victim's browser.
We are currently unaware of a practical solution to this problem. In the meantime, please consider the following workaround:
Huawei Technologies: Affected
Notified: May 06, 2014; Updated: July 01, 2014
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Thanks to Jimson James for reporting this vulnerability.
This document was written by Todd Lewellen.
|Date First Published:|2014-07-21|
|Date Last Updated:|2014-07-21 13:24 UTC|