Vulnerability Details CVE-2024-28403
TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN Page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.6%
CVSS Severity
CVSS v3 Score 5.4
References
- https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/X2000R/XSS_5_VPN/XSS.md
- https://www.totolink.net/home/menu/detail/menu_listtpl/products/id/242/ids/33.html
- https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/X2000R/XSS_5_VPN/XSS.md
- https://www.totolink.net/home/menu/detail/menu_listtpl/products/id/242/ids/33.html
Products affected by CVE-2024-28403
-
cpe:2.3:h:totolink:x2000r:-
-
cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20221212.1452
-
cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230221.0948
-
cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230221.0948.web