Profitap Blog


X2-Series Firmware v0.13.6 and x0.13.7 Security Notice

 


 

Potentially affected products
X2-Series NPBs (any version).
 
Non-affected products
All other Profitap products.
 
Scope of the vulnerability:
The Profitap X2-Manager Web-UI on X2-Series NPBs through 0.13.3 allows reflected Cross-site Scripting.
 
While this vulnerability does not impact the X2-Series devices directly, it allows a malicious link to inject arbitrary HTML and JavaScript code into the back-end response.
 
Profitap has released X2-Series firmware images v0.13.6 and x0.13.7 to address this risk.
 
Profitap recommends updating X2-Series devices as soon as possible and, as a precaution, changing login credentials to a robust and unique password.