CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31971
https://notcve.org/view.php?id=CVE-2024-31971
24 Jul 2024 — Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html. **UNSUPPORTED WHEN ASSIGNED** Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices all... • https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31971 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28093
https://notcve.org/view.php?id=CVE-2024-28093
26 Mar 2024 — The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account. El servicio TELNET de los dispositivos AdTran NetVanta 3120 18.01.01.00.E está habilitado de forma predeterminada y tiene credenciales predeterminadas para una cuenta de nivel raíz. **UNSUPPORTED WHEN ASSIGNED** The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account. • https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-28093 • CWE-1392: Use of Default Credentials •