CVE-2016-2274
Description
An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting vulnerability in Adcon Telemetry A850 Telemetry Gateway Base Station web interface allows injection of arbitrary JavaScript.
Vulnerability
The Adcon Telemetry A850 Telemetry Gateway Base Station web interface fails to neutralize or incorrectly neutralizes user-controllable input before placing it in output, leading to a cross-site scripting (XSS) vulnerability [1]. All versions of the A850 Telemetry Gateway Base Station are affected [1].
Exploitation
An attacker can exploit this vulnerability remotely by sending crafted input to the web interface [1]. No authentication is required, and the attacker can inject arbitrary JavaScript that executes in the context of the affected application [1].
Impact
Successful exploitation allows the attacker to inject arbitrary JavaScript, which may affect the integrity of the system [1]. This could lead to actions such as session hijacking, defacement, or redirection to malicious sites, depending on the application's context.
Mitigation
Adcon Telemetry has produced a new firmware version to mitigate this vulnerability [1]. Users should upgrade to the latest firmware version provided by Adcon. The ICS-CERT advisory recommends applying the update to reduce risk [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- cpe:2.3:o:adcon_telemetry:a850_telemetry_gateway_base_station_firmware:-:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/94781nvdThird Party AdvisoryVDB Entry
- ics-cert.us-cert.gov/advisories/ICSA-16-343-03nvdThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.