Published: 2018/09/13  Last Updated: 2018/09/13

Information from FXC Inc.

Vulnerability ID:JVN#68528150
Title:Multiple FXC network devices vulnerable to cross-site scripting

This is a statement from the vendor itself with no modification by JPCERT/CC.

 XSS vulnerability was confirmed with our L2 product FXC5224.
 We have confirmed that other products in the same series are affected,
 which are described below.
 Our management switches can be configured to authenticate access with
 the login password, to disable GUI logins,
 to limit the number of logins, etc.
 Therefore, the urgency is regarded as moderate.
 However, there is a risk that XSS will be executed if there is a
 malicious administrator,
 products currently under sale were repaired with firmware.
 ※For sales discontinued items, please use the functionalities above
 to lessen the risk.
 Customers using the older firmware with the following products
 should download the latest version from our website and deploy them.
 Product name: Fixed firmware version
 ・ FXC5210/5218/5224: Ver1.00.22 or later
 ・ FXC5210PE/5218PE/5224PE: Ver1.00.14 or later
 ・ FXC5426F: Ver1.00.06 or later
 ・ FXC5428: Ver1.00.07 or later
 Firmware download URL
 ※This site is only for customers who purchased our products.
 Your company name, name, email address, telephone number, and
 the serial number of the products are required.
 About other products
 ・ Other L2/L3 Switch products including smart switches are not vulnerable
 ・ There is no vulnerability in our media converter LEX1k and LE2k
  management card
 ・ There is no vulnerability in our wireless access point AE1031/
  1041/1051 series
 ・ Since we can not fix the FW (Ver. 2.1.0 or before) of AE1021,
please respond with strengthening the login password.
 ・ Our company's WDM lineup should be deployed in a closed network and
  administrators are very limited, so, we will not fix it.
  Please correspond with login password strengthening.
 Please contact our customer support for any questions.
 We apologize for any inconvenience to our customers.
 We will continue to make every effort to improve the quality, we
 appreciate your kindness.