We received a notice of a vulnerability from AT&T FirstNet on one of our RV55s. The CVEs,
CVE-2015-9251
CVE-2020-11022
CVE-2019-11358
CVE-2020-11023
all are about versions of jQuery before 3.5.0. The current 4.16.2 firmware has jQuery 1.11.0.
These devices have to be exposed to the public internet.
We just received a similar notice from AT&T for the same CVEs.
I’ve gotten the same notice, no idea what to do about it. Any help would be great. I contacted SW support and they just directed me to a sales page about internet security.
We also have received the alert.
What is odd is that we have 5 of these gateways and only 1 of them is being flagged like this. We have scoured the config and as best we can tell they are all identical in the config and firmware and such.
So SW finally sent out a security bulletin for this (which I got from my vendor, not SW) and the solution is to update to FW 4.17.12… which they have removed because of an issue with it. So there is an open security flaw with 4.16 and the fix is to wait for 4.17.1