Vulnerability Details CVE-2024-28401
TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.8%
CVSS Severity
CVSS v3 Score 5.4
References
- https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/X2000R/XSS_1_Root_Access_Control/XSS.md
- https://www.totolink.net/home/menu/detail/menu_listtpl/products/id/242/ids/33.html
- https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/X2000R/XSS_1_Root_Access_Control/XSS.md
- https://www.totolink.net/home/menu/detail/menu_listtpl/products/id/242/ids/33.html
Products affected by CVE-2024-28401
-
cpe:2.3:h:totolink:x2000r:-
-
cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20221212.1452
-
cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230221.0948
-
cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230221.0948.web