Vulnerability Description
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Martem | Telem-Gwm Firmware | <= 2018.04.18-linux_4-01-601cb47 |
| Martem | Telem-Gwm | - |
| Martem | Telem-Gw6 Firmware | <= 2018.04.18-linux_4-01-601cb47 |
| Martem | Telem-Gw6 | - |
Related Weaknesses (CWE)
References
- http://martem.eu/csa/Martem_CSA_Telem_1805181.pdfVendor Advisory
- http://www.securityfocus.com/bid/104286Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01Third Party AdvisoryUS Government Resource
- http://martem.eu/csa/Martem_CSA_Telem_1805181.pdfVendor Advisory
- http://www.securityfocus.com/bid/104286Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-10609?
CVE-2018-10609 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code ex...
How severe is CVE-2018-10609?
CVE-2018-10609 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10609?
Check the references section above for vendor advisories and patch information. Affected products include: Martem Telem-Gwm Firmware, Martem Telem-Gwm, Martem Telem-Gw6 Firmware, Martem Telem-Gw6.