Beware: SEH utnserver Pro Vulnerable to Multiple Stored Cross-Site Scripting!
St. Poelten UAS researchers discovered multiple stored cross-site scripting vulnerabilities in SEH utnserver Pro. Hackers might exploit these to execute code in users’ browsers. It’s fixed in version 20.1.35, so unless you want your device to become a web comic villain, update your firmware now.
Hot Take:
When your server’s “Pro” in the name but “Amateur Hour” in execution! SEH utnserver Pro might want to consider renaming itself to “utnserver Please-Update-Me” after a team of cyber detectives discovered it was hosting a cross-site scripting party, and everyone was invited! Next time, maybe password-protect the RSVP list, SEH!
Key Points:
- The SEH utnserver Pro, version 20.1.22, was found vulnerable to multiple stored cross-site scripting (XSS) attacks.
- The vulnerabilities allow malicious scripts to execute in a user’s browser via the device’s web interface.
- Common targets include user passwords, certificate options, device descriptions, and USB passwords.
- The issue was discovered by researchers at St. Pölten UAS and coordinated by CyberDanube.
- The vulnerabilities have been patched in firmware version 20.1.35, which users are advised to update to immediately.
Already a member? Log in here