nvd-json-data-feeds/CVE-2024/CVE-2024-280xx/CVE-2024-28089.json

{
  "id": "CVE-2024-28089",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-03-09T07:15:09.577",
  "lastModified": "2024-03-11T01:32:29.610",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.html#advanced_location (aka the Device Location page). This can cause a denial of service or lead to information disclosure."
    },
    {
      "lang": "es",
      "value": "Los dispositivos Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 permiten a un atacante remoto dentro de la proximidad de Wi-Fi (que tiene acceso al panel de administraci\u00f3n del router) realizar un ataque XSS almacenado basado en DOM que puede recuperar recursos remotos. El payload se ejecuta en index.html#advanced_location (tambi\u00e9n conocida como la p\u00e1gina Ubicaci\u00f3n del dispositivo). Esto puede provocar una denegaci\u00f3n de servicio o dar lugar a la divulgaci\u00f3n de informaci\u00f3n."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-28089",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/actuator/cve/blob/main/Hitron/Hitron_DOM_XSS_POC.gif",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/actuator/cve/blob/main/Hitron/Hitron_DOM_XSS_POC_DOS_ALT.gif",
      "source": "cve@mitre.org"
    }
  ]
}