CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31973
https://notcve.org/view.php?id=CVE-2024-31973
30 Oct 2024 — Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via the 'Network Name (SSID)' input fields to the /index.html#wireless_basic page. Los dispositivos Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 permiten que un atacante remoto cerca de una red Wi-Fi realice ataques XSS almacenado a través de los campos de entrada 'Nombre de red (SSID)' en la página /index.html#wireless_basic. • https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-31973 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28089
https://notcve.org/view.php?id=CVE-2024-28089
09 Mar 2024 — Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.html#advanced_location (aka the Device Location page). This can cause a denial of service or lead to information disclosure. Los dispositivos Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 permiten a un atacante remoto dentro de la proximidad de Wi-Fi (que tiene acc... • https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-28089 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-25730
https://notcve.org/view.php?id=CVE-2024-25730
23 Feb 2024 — Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities). Los dispositivos Hitron CODA-4582 y CODA-4589 tienen PSK predeterminados que se generan a partir de valores hexadecimales de 5 dígitos concatenados con una subcadena "Hitron", lo que resulta en una entropía insuficiente (sólo alrededor de un millón de posibilidades). • https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-25730 • CWE-331: Insufficient Entropy •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-30603 – Hitron Technologies Inc. CODA-5310 - Using default credentials
https://notcve.org/view.php?id=CVE-2023-30603
02 Jun 2023 — Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service. • https://www.twcert.org.tw/tw/cp-132-7085-13321-1.html • CWE-287: Improper Authentication CWE-1392: Use of Default Credentials •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-47616 – Hitron Technologies Inc. CODA-5310 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2022-47616
02 Jun 2023 — Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. • https://www.twcert.org.tw/tw/cp-132-7082-373d5-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-30602 – Hitron Technologies Inc. CODA-5310 - Insecure service Telnet
https://notcve.org/view.php?id=CVE-2023-30602
02 Jun 2023 — Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator. • https://www.twcert.org.tw/tw/cp-132-7084-74e83-1.html • CWE-311: Missing Encryption of Sensitive Data CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-47617 – Hitron Technologies Inc. CODA-5310 - Hard-coded Cryptographic Key
https://notcve.org/view.php?id=CVE-2022-47617
02 Jun 2023 — Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption. • https://www.twcert.org.tw/tw/cp-132-7083-94e13-1.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-30604 – Hitron Technologies Inc. CODA-5310 - Broken Access Control
https://notcve.org/view.php?id=CVE-2023-30604
02 Jun 2023 — It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitron Technologies CODA-5310. An unauthorized remote attacker can exploit this vulnerability to access system configuration interface, resulting in performing arbitrary system operation or disrupt service. • https://www.twcert.org.tw/tw/cp-132-7086-35622-1.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25017
https://notcve.org/view.php?id=CVE-2022-25017
01 Apr 2022 — Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field. Los dispositivos Hitron CHITA versión 7.2.2.0.3b6-CD, contienen una vulnerabilidad de inyección de comandos por medio del campo Device/DDNS ddnsUsername • https://gist.github.com/zaee-k/390b2f8e50407e4b199df806baa7e4ef • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2020-8824
https://notcve.org/view.php?id=CVE-2020-8824
19 Feb 2020 — Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen. Los dispositivos Hitron CODA-4582U versión 7.1.1.30, permite un ataque de tipo XSS por medio de un nombre Managed Device en la pantalla Wireless ) Access Control ) Add Managed Device. • https://gist.github.com/9thplayer/df042fe48c314dbc1afad80ffed8387d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •