CVE-2021-37377

Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
teradekbrik_firmware
7.2.0 ≤
𝑥
≤ 7.2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://tbutler.org/2021/04/29/teradek-vulnerability-advisory
https://tbutler.org/2021/04/29/teradek-vulnerability-advisory