CVE Radar Logo
CVERadar

CVE-2024-28091

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00072/1

CVE-2024-28091 is a stored XSS vulnerability affecting Technicolor TC8715D devices, allowing remote attackers within Wi-Fi range to execute malicious scripts. This vulnerability resides in the managed_services_add.asp page through User Defined Service. The victim has to click to trigger the exploit.

While CVE-2024-28091 has a CVSS score of 0 and an SVRS of 30, it is still a risk, as the 'In The Wild' tag indicates that this vulnerability has been observed being exploited. Successful exploitation could lead to unauthorized access, session hijacking, or defacement of the router's administrative interface. Although the SVRS score suggests lower criticality, the presence of the 'In The Wild' tag warrants further investigation and potential mitigation measures to prevent exploitation, especially if the device is accessible to untrusted Wi-Fi networks. Patching and user awareness are key to mitigating this cybersecurity threat.

In The Wild
2024-03-28

2024-11-12

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-28091 | Technicolor TC8715D 01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T User Defined Service managed_services_add.asp cross site scripting
vuldb.com, 2024-11-13
A vulnerability was found in Technicolor TC8715D 01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T and classified as problematic. This issue affects some unknown processing of the file managed_services_add.asp of the component User Defined Service. The manipulation leads to cross site scripting. The identification of this vulnerability is

Social Media

No tweets found for this CVE

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://github.com/actuator/cve/blob/main/Technicolor/CVE-2024-28091

CWE Details

CWE ID | CWE Name | Description
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
