https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19614

[Affected Devices]

Westermo DR-260 Router - All firmware versions

Westermo DR-250 Router - All firmware versions

Westermo MR-260 Router - All firmware versions

[Description]

The aforementioned router models are known to be vulnerable to reflected Cross-Site Scripting (XSS).

The affected component of the web interface is the command console: /cmdexec/cmdexe?cmd=. This is considered relatively difficult to exploit in a real-world scenario; however, if successful, it would allow the execution of malicious JavaScript within the target's browser.

Working alongside the router vendor, it was established that this vulnerability affects all of the specified router models, regardless of firmware version. Since this product is considered to be EOL, no patches for this issue are expected.
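
With no patch expected, one compensating control is to review proxy or web logs for requests to the affected endpoint whose cmd parameter carries markup characters. The script below is an added example, not part of the original advisory or vendor material; the log format, the sample lines, the flagged character set and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/cmdexec/cmdexe"          # path taken from the advisory
SUSPICIOUS = re.compile(r"[<>\"'`]")  # assumed set: characters that can leave an HTML text/attribute context
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines in common log format (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2019:10:00:00 +0000] "GET /cmdexec/cmdexe?cmd=PLACEHOLDER_COMMAND HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2019:10:01:00 +0000] "GET /cmdexec/cmdexe?cmd=%3Cb%3Emarkup%3C%2Fb%3E HTTP/1.1" 200 530',
    '10.0.0.9 - - [01/Jan/2019:10:02:00 +0000] "GET /cmdexec/cmdexe?cmd=%253Cb%253Edouble HTTP/1.1" 200 530',
    '10.0.0.7 - - [01/Jan/2019:10:03:00 +0000] "GET /index.html?cmd=%3Cb%3E HTTP/1.1" 200 100',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_cmd(log_line):
    """Return the decoded cmd value if the line hits ENDPOINT with markup characters, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if url.path != ENDPOINT:
        return None
    # parse_qs decodes once; fully_decode handles any further encoding layers.
    for raw in parse_qs(url.query, keep_blank_values=True).get("cmd", []):
        value = fully_decode(raw)
        if SUSPICIOUS.search(value):
            return value
    return None

def scan(lines):
    """Return (line index, decoded cmd value) for every flagged line."""
    return [(i, v) for i, line in enumerate(lines) if (v := suspicious_cmd(line)) is not None]

if __name__ == "__main__":
    for idx, value in scan(SAMPLE_LOG):
        print(f"line {idx}: suspicious cmd value {value!r}")
```
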

[Credit]

For assistance in identifying this issue, credit should also be given to:

Nettitude - https://www.nettitude.com/uk/