CVE-2024-31973
- EPSS 0.08%
- Veröffentlicht 30.10.2024 18:15:06
- Zuletzt bearbeitet 01.11.2024 12:57:03
Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via the 'Network Name (SSID)' input fields to the /index.html#wireless_basic page.
CVE-2024-28089
- EPSS 0.04%
- Veröffentlicht 09.03.2024 07:15:09
- Zuletzt bearbeitet 21.11.2024 09:05:46
Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.h...
CVE-2024-25730
- EPSS 0.17%
- Veröffentlicht 23.02.2024 22:15:55
- Zuletzt bearbeitet 05.05.2025 19:16:50
Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities).
CVE-2020-8824
- EPSS 0.28%
- Veröffentlicht 19.02.2020 17:15:11
- Zuletzt bearbeitet 21.11.2024 05:39:30
Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen.