CVE-2023-36389

Summary

CVE-2023-36389 is a reflected cross-site scripting (XSS) vulnerability affecting multiple RUGGEDCOM products, including ROX MX5000, ROX MX5000RE, ROX RX1400, ROX RX1500, ROX RX1501, ROX RX1510, ROX RX1511, ROX RX1512, ROX RX1524, ROX RX1536, and ROX RX5000. All versions prior to V2.16.0 are impacted. An attacker can exploit this flaw by crafting a malicious link, which, when accessed by a user, allows the attacker to inject and execute malicious JavaScript code in the user's web browser. The vulnerability occurs due to the web interface reflecting the malformed value directly in the response without proper sanitization, resulting in an "invalid path" error.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.