CVE-2018-0679: XSS
First published: Thu Nov 15 2018(Updated: )
Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FXC 5210PE firmware | <1.00.22 | |
| FXC 5210PE firmware | ||
| FXC fxc5218 | <1.00.22 | |
| FXC fxc5218 firmware | ||
| FXC fxc5224 | <1.00.22 | |
| FXC fxc5224 firmware | ||
| FXC FXC5426F | <1.00.06 | |
| FXC FXC5426F firmware | ||
| FXC FXC5428 | <1.00.07 | |
| FXC FXC5428 firmware | ||
| FXC 5210PE firmware | <1.00.14 | |
| FXC FXC5210PE firmware | ||
| FXC fxc5218pe | <1.00.14 | |
| FXC fxc5218pe firmware | ||
| FXC fxc5224pe firmware | <1.00.14 | |
| FXC fxc5224pe firmware | ||
| FXC AE1021PE firmware | ||
| FXC AE1021 firmware | ||
| FXC AE1021PE firmware | ||
| FXC AE1021PE firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-0679?
CVE-2018-0679 has a potential for high severity due to its ability to allow cross-site scripting attacks on affected FXC network devices.
How do I fix CVE-2018-0679?
To fix CVE-2018-0679, update the firmware of the affected FXC devices to the latest version, specifically Ver1.00.22 or higher for FXC5210/5218/5224 and Ver1.00.06 or higher for FXC5426F, and Ver1.00.07 or higher for FXC5428.
Which FXC devices are affected by CVE-2018-0679?
The devices affected by CVE-2018-0679 include the Managed Ethernet switches FXC5210, FXC5218, FXC5224, FXC5426F, and FXC5428 with firmware versions prior to the specified updates.
What type of vulnerability is CVE-2018-0679?
CVE-2018-0679 is a cross-site scripting (XSS) vulnerability that can allow attackers to execute malicious scripts in the context of a user's browser.
Are there any workarounds for CVE-2018-0679?
Currently, the recommended solution for mitigating CVE-2018-0679 is to apply the necessary firmware updates, as there are no effective workarounds available.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/fxc
- canonical/fxc 5210pe firmware
- canonical/fxc fxc5218
- canonical/fxc fxc5218 firmware
- canonical/fxc fxc5224
- canonical/fxc fxc5224 firmware
- canonical/fxc fxc5426f
- canonical/fxc fxc5426f firmware
- canonical/fxc fxc5428
- canonical/fxc fxc5428 firmware
- canonical/fxc fxc5210pe firmware
- canonical/fxc fxc5218pe
- canonical/fxc fxc5218pe firmware
- canonical/fxc fxc5224pe firmware
- canonical/fxc ae1021pe firmware
- canonical/fxc ae1021 firmware