Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-25680

The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched

Published

2021-04-20T12:15:13.230

Last Modified

2024-11-21T05:55:17.247

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	adtran	personal_phone_manager	≤ 10.8.1	Yes
Hardware	adtran	netvanta_7060	-	No
Hardware	adtran	netvanta_7100	-	No

References

http://adtran.com Vendor Advisory ([email protected])
http://packetstormsecurity.com/files/162269/Adtran-Personal-Phone-Manager-10.8.1-Cross-Site-Scripting.html Exploit, Third Party Advisory, VDB Entry ([email protected])
https://github.com/3ndG4me/AdTran-Personal-Phone-Manager-Vulns/blob/main/CVE-2021-25680.md Exploit, Third Party Advisory ([email protected])
http://adtran.com Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/162269/Adtran-Personal-Phone-Manager-10.8.1-Cross-Site-Scripting.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/3ndG4me/AdTran-Personal-Phone-Manager-Vulns/blob/main/CVE-2021-25680.md Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)