SODOLA SL902-SWTGW124AS Reflected Cross-Site Scripting Vulnerability in Management Interface

A reflected cross-site scripting vulnerability has been identified in the SODOLA SL902-SWTGW124AS firmware versions through 200.1.20. This vulnerability exists in the management interface, where user input is not properly encoded before being output. As a result, attackers can create malicious URLs that, when clicked by authenticated users, execute arbitrary JavaScript in the web interface.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Remediation

Users can upgrade to the latest firmware version to address this vulnerability. The firmware upgrade process involves downloading the appropriate firmware file, unzipping it, and using the bin file inside to upgrade the switch. After the upgrade, the system should be restarted and the cache cleared before logging in again. Instructions for backing up the switch's configuration before the upgrade are also available.