5.2
CVE-2024-28089
- EPSS 0.04%
- Veröffentlicht 09.03.2024 07:15:09
- Zuletzt bearbeitet 21.11.2024 09:05:46
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.html#advanced_location (aka the Device Location page). This can cause a denial of service or lead to information disclosure.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerhitrontech
≫
Produkt
coda-4582u_firmware
Default Statusunknown
Version
7.2.4.5.1b8
Status
affected
Herstellerhitrontech
≫
Produkt
coda-4589_firmware
Default Statusunknown
Version
7.2.4.5.1b8
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.118 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.2 | 2.1 | 2.7 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.