cve/CVE-2024-28089.md at c052d0d6949679697108fa931a00cd4220694869

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-31 10:40:54 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.html#advanced_location (aka the Device Location page). This can cause a denial of service or lead to information disclosure.

POC

Reference

https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-28089
https://github.com/actuator/cve/blob/main/Hitron/Hitron_DOM_XSS_POC.gif
https://github.com/actuator/cve/blob/main/Hitron/Hitron_DOM_XSS_POC_DOS_ALT.gif

Github

https://github.com/actuator/cve
https://github.com/fkie-cad/nvd-json-data-feeds

1.0 KiB Raw Blame History

CVE-2024-28089

Description

POC

Reference

Github

1.0 KiB

Raw Blame History