Vulnerability Description: CWE-1021: Improper Restriction of Rendered UI Layers or Frames
Software Version: All versions
NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-15793
CVSv3: 4.5
Severity: Medium
Credits: Davide De Rubeis, Damiano Proietti, Matteo Brutti, Stefano Scipioni, Massimiliano Brolli
The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by tricking that user to click on a website controlled by the attacker.