CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28089
https://notcve.org/view.php?id=CVE-2024-28089
09 Mar 2024 — Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.html#advanced_location (aka the Device Location page). This can cause a denial of service or lead to information disclosure. Los dispositivos Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 permiten a un atacante remoto dentro de la proximidad de Wi-Fi (que tiene acc... • https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-28089 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-25730
https://notcve.org/view.php?id=CVE-2024-25730
23 Feb 2024 — Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities). Los dispositivos Hitron CODA-4582 y CODA-4589 tienen PSK predeterminados que se generan a partir de valores hexadecimales de 5 dígitos concatenados con una subcadena "Hitron", lo que resulta en una entropía insuficiente (sólo alrededor de un millón de posibilidades). • https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-25730 • CWE-331: Insufficient Entropy •