Vulnerability Description
Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Teradke | Cube Firmware | >= 7.3.0, <= 7.3.19 |
| Teradke | Cube | - |
| Teradke | Cube Pro Firmware | >= 7.3.0, <= 7.3.16 |
| Teradke | Cube Pro | - |
Related Weaknesses (CWE)
References
- https://tbutler.org/2021/04/29/teradek-vulnerability-advisoryExploitThird Party Advisory
- https://tbutler.org/2021/04/29/teradek-vulnerability-advisoryExploitThird Party Advisory
FAQ
What is CVE-2021-37378?
CVE-2021-37378 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information...
How severe is CVE-2021-37378?
CVE-2021-37378 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37378?
Check the references section above for vendor advisories and patch information. Affected products include: Teradke Cube Firmware, Teradke Cube, Teradke Cube Pro Firmware, Teradke Cube Pro.