Mediatrix – Reflected XSS in Web Management Interface in Mediatrix 4402 VoIP Gateway

Advisory ID


Vulnerability Information


The Mediatrix 4402 running the Dgw firmware is vulnerable to reflected Cross-Site Scripting (XSS) in login.esp, part of the solution's Web Management Interface. The script fails to properly sanitize user-supplied input before echoing it back into the HTML response, so a value passed in the request is rendered as markup rather than as text.


Technical Information


The Mediatrix Web Management Interface is vulnerable to cross-site scripting caused by improper validation of user-supplied input in the login.esp script. A remote attacker could exploit this by placing a script payload in the username parameter of a specially crafted URL; once the victim clicks the URL, the script executes in the victim's Web browser within the security context of the hosting Web site. Because the flaw is reflected rather than stored, the attacker has to get the victim to open the crafted link, for example through a phishing e-mail. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials for the gateway.
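The reflection described above, as an added example that is not part of the original advisory and not Mediatrix's own code: the path login.esp and the parameter name username come from the advisory, while the login-form HTML is a constructed stand-in for the real template (which the page does not show), the canary token, the tag name "xss…" and the address 192.0.2.10 are arbitrary choices for the demonstration. The script builds the crafted URL, shows why raw interpolation of the username value is exploitable, and shows the fix, which is HTML-encoding the value (including quotes) before it is placed inside the attribute.

```python
import html
import urllib.parse
import urllib.request

# Values taken from the advisory: the vulnerable script and the parameter it reflects.
LOGIN_PATH = "/login.esp"
PARAM = "username"


def probe_payload(token: str) -> str:
    """Harmless canary that closes the value="..." attribute and opens a new tag.

    If it comes back verbatim, the page places attacker input directly into HTML,
    which is the condition the advisory describes. It runs no script, so it is safe
    to send while testing, and the tag name is unique so it cannot match by accident.
    """
    return f'"><xss{token}>'


def build_probe_url(base_url: str, token: str) -> str:
    """Build the crafted login.esp URL with the canary in the username parameter."""
    query = urllib.parse.urlencode({PARAM: probe_payload(token)})
    return f"{base_url.rstrip('/')}{LOGIN_PATH}?{query}"


def reflected_unescaped(body: str, token: str) -> bool:
    """True when the canary appears in the response body without HTML encoding."""
    return probe_payload(token) in body


def render_login_page(username: str, escaped: bool) -> str:
    """Constructed stand-in for the login form (the real login.esp template is not on the page).

    escaped=False reproduces the vulnerable behaviour: the value is interpolated raw,
    so a quote in the input terminates the attribute and the rest becomes markup.
    escaped=True is the fix: HTML-encode the value, quotes included, before interpolation.
    """
    value = html.escape(username, quote=True) if escaped else username
    return (
        '<form method="post" action="/login.esp">'
        f'<input type="text" name="{PARAM}" value="{value}">'
        '<input type="submit" value="Login"></form>'
    )


def probe_live(base_url: str, token: str = "c0ffee", timeout: float = 5.0) -> bool:
    """Fetch the crafted URL from a real device and report whether the canary is reflected.

    Only run this against a gateway you are authorized to test. It is not executed
    by the offline demonstration below.
    """
    with urllib.request.urlopen(build_probe_url(base_url, token), timeout=timeout) as resp:
        body = resp.read().decode("utf-8", errors="replace")
    return reflected_unescaped(body, token)


if __name__ == "__main__":
    token = "c0ffee"
    # 192.0.2.10 is a documentation address standing in for the gateway (assumption).
    print("probe URL:", build_probe_url("http://192.0.2.10", token))
    for escaped in (False, True):
        page = render_login_page(probe_payload(token), escaped)
        verdict = "VULNERABLE" if reflected_unescaped(page, token) else "safe"
        print("escaped" if escaped else "raw", "->", verdict)
```

The canary deliberately contains both a double quote and angle brackets: a page that encodes angle brackets but not quotes still lets the input break out of the value attribute, and this check catches that case too. Against a live device, probe_live() returning True is the condition to report; a False result only means this one injection context is encoded, not that the script is free of other issues.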

Release Date





The UCTM solution from RedShift Networks provides the industry's first complete security solution developed to secure VoIP networks, endpoints and applications. Its research team is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for subscribed clients. For more information visit

External Resources



IBM X-Force Vulnerability Database

Common Vulnerabilities and Exposures (CVE)