CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31973
https://notcve.org/view.php?id=CVE-2024-31973
30 Oct 2024 — Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via the 'Network Name (SSID)' input fields to the /index.html#wireless_basic page. Los dispositivos Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 permiten que un atacante remoto cerca de una red Wi-Fi realice ataques XSS almacenado a través de los campos de entrada 'Nombre de red (SSID)' en la página /index.html#wireless_basic. • https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-31973 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28089
https://notcve.org/view.php?id=CVE-2024-28089
09 Mar 2024 — Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.html#advanced_location (aka the Device Location page). This can cause a denial of service or lead to information disclosure. Los dispositivos Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 permiten a un atacante remoto dentro de la proximidad de Wi-Fi (que tiene acc... • https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-28089 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-25730
https://notcve.org/view.php?id=CVE-2024-25730
23 Feb 2024 — Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities). Los dispositivos Hitron CODA-4582 y CODA-4589 tienen PSK predeterminados que se generan a partir de valores hexadecimales de 5 dígitos concatenados con una subcadena "Hitron", lo que resulta en una entropía insuficiente (sólo alrededor de un millón de posibilidades). • https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-25730 • CWE-331: Insufficient Entropy •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2020-8824
https://notcve.org/view.php?id=CVE-2020-8824
19 Feb 2020 — Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen. Los dispositivos Hitron CODA-4582U versión 7.1.1.30, permite un ataque de tipo XSS por medio de un nombre Managed Device en la pantalla Wireless ) Access Control ) Add Managed Device. • https://gist.github.com/9thplayer/df042fe48c314dbc1afad80ffed8387d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •