The configuration data page of the web-based-management of affected devices has been vulnerable to stored XSS (Cross-Site Scripting) attacks. This leads to a limited impact of confidentiality and integrity but no impact of availability.