Vulnerability Description
The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adtran | Personal Phone Manager | <= 10.8.1 |
| Adtran | Netvanta 7060 | - |
| Adtran | Netvanta 7100 | - |
Related Weaknesses (CWE)
References
- http://adtran.com (Vendor Advisory)
- http://packetstormsecurity.com/files/162269/Adtran-Personal-Phone-Manager-10.8.1 (Exploit, Third Party Advisory, VDB Entry)
- https://github.com/3ndG4me/AdTran-Personal-Phone-Manager-Vulns/blob/main/CVE-202 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-25680?
CVE-2021-25680 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later ...
How severe is CVE-2021-25680?
CVE-2021-25680 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-25680?
Check the references section above for vendor advisories and patch information. Affected products include: Adtran Personal Phone Manager, Adtran Netvanta 7060, Adtran Netvanta 7100.