i recently got an rv042 and updated to the most recent (v4.0.4.02-tm (Jul 4 2011 13:30:56)) firmware. but the input to the login page isn't sanitized and seems to be a gaping xss vulnerability. if i enter
edit - looks like disabling Unauthorized Login Attempt logging will prevent the username from being written into the log. so that mitigates the danger. but it's enabled by default and that's the kind of thing i like to see in logs. seems like it deserves a fix.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...