CVE-2024-3141 | Clavister E10/E80 up to 20240323 Misc Settings Page MiscSettings cross site scripting

A vulnerability has been found in Clavister E10 and E80 up to 20240323 and classified as problematic. This vulnerability affects unknown code of the file /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings of the component Misc Settings Page. The manipulation of the argument WatchdogTimerTime/BufFloodRebootTime/MaxPipeUsers/AVCache Lifetime/HTTPipeliningMaxReq/Reassembly MaxConnections/Reassembly MaxProcessingMem/ScrSaveTime leads to cross site scripting.

This vulnerability was named CVE-2024-3141. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-3141 | Clavister E10/E80 up to 20240323 Misc Settings Page MiscSettings cross site scripting

Post correlati

CVE-2023-49691 | Siemens RUGGEDCOM RM1224 LTE EU up to 7.x os command injection (ssa-180704)

CVE-2024-44556 | Tenda AX1806 1.0.0.1 setIptvInfo stballvlans stack-based overflow

CVE-2023-25651 | ZTE Mobile Internet Products up to V1.0.0B01/V1.0.0B04 on Linux interface sql injection

CVE-2024-37661 | TP-LINK TL-7DR5130 1.0.23 ICMP Redirect Message Remote Code Execution