Information from FXC Inc.
Vulnerability ID: JVN#68528150
Title: Multiple FXC network devices vulnerable to cross-site scripting
Status: Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
An XSS vulnerability was confirmed in our L2 product FXC5224.
We have confirmed that other products in the same series, which are
described below, are also affected.
Our management switches can be configured to authenticate access with
a login password, to disable GUI logins,
to limit the number of logins, etc.
Therefore, the urgency is regarded as moderate.
However, there is a risk that XSS will be executed if there is a
malicious administrator.
Products currently on sale have been fixed in firmware.
※ For discontinued products, please use the functions above
to reduce the risk.
Customers using older firmware on the following products
should download the latest version from our website and deploy it.
Product name: Fixed firmware version
・ FXC5210/5218/5224: Ver1.00.22 or later
・ FXC5210PE/5218PE/5224PE: Ver1.00.14 or later
・ FXC5426F: Ver1.00.06 or later
・ FXC5428: Ver1.00.07 or later
Firmware download URL
https://www.fxc.jp/cgi-bin/certify/index.html
※ This site is only for customers who have purchased our products.
Your company name, your name, email address, telephone number, and
the serial number of the product are required.
About other products
・ Other L2/L3 Switch products including smart switches are not vulnerable
・ There is no vulnerability in our media converter LEX1k and LE2k
management card
・ There is no vulnerability in our wireless access point AE1031/1041/1051
series
・ Since we cannot fix the firmware (Ver. 2.1.0 or before) of the AE1021,
please respond by strengthening the login password.
・ Our WDM lineup should be deployed in a closed network and the number of
administrators is very limited, so we will not fix it.
Please respond by strengthening the login password.
Please contact our customer support for any questions.
We apologize for any inconvenience to our customers.
We will continue to make every effort to improve quality, and we
appreciate your kindness.