CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40112
https://notcve.org/view.php?id=CVE-2024-40112
02 Jun 2025 — A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information. Existe una vulnerabilidad de inclusión de archivos locales (LFI) en Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 y versiones anteriores, que permite a un atacante manipular la cookie de idioma para incluir arch... • http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40113
https://notcve.org/view.php?id=CVE-2024-40113
02 Jun 2025 — Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials. Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 y anteriores es vulnerable al uso de credenciales predeterminadas. • http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads • CWE-1392: Use of Default Credentials •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40114
https://notcve.org/view.php?id=CVE-2024-40114
02 Jun 2025 — A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code. Una vulnerabilidad de cross-site-scripting (XSS) en Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 y anteriores permite a un atacante manipular la cookie de idioma para inyectar código JavaScript malicioso. • http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •