First published: Tue Mar 12 2019(Updated: )
The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Korenix Jetport Web Manager | ||
Korenix Jetport 5601 Firmware | ||
Korenix JetPort 5601 | ||
Korenix Jetport 5601f Firmware | ||
Korenix Jetport 5601f | ||
All of | ||
Korenix Jetport 5601 Firmware | ||
Korenix JetPort 5601 | ||
All of | ||
Korenix Jetport 5601f Firmware | ||
Korenix Jetport 5601f |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-9725 is a vulnerability in the Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devices that allows for persistent cross-site scripting (XSS) attacks via the Port Alias field under Serial Setting.
The severity of CVE-2019-9725 is medium, with a CVSS score of 6.1.
CVE-2019-9725 affects Korenix JetPort 5601 and 5601f devices by allowing attackers to perform persistent XSS attacks via the Port Alias field under Serial Setting.
No, the Korenix JetPort 5601 is not vulnerable to CVE-2019-9725.
Yes, the Korenix JetPort 5601f device is vulnerable to CVE-2019-9725.
To fix CVE-2019-9725, it is recommended to update the Korenix JetPort 5601f firmware to the latest version, which contains a patch for the vulnerability.