Multi-Tech Systems “MultiModem iSMS” appliance is affected by multiple XSS (cross-site scripting) vulnerabilities, which potientally leads to the comprimise of the device.
For the latest advisory Click Here
Attack #2 is more interesting because it can be remotely exploited via a SMS message.
When reporting this issue it did come into question the 160 character limitation of SMS technology and if this would to limit the attacker. In the proof of concept video, you can see exploitation was successful with 158 characters using the Browser Exploitation Framework BeEF!
please visit www.securitypentest.com for the original advisory.