Vulnerability Details CVE-2024-31975
EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.1%
CVSS Severity
CVSS v3 Score 4.8
Products affected by CVE-2024-31975
-
cpe:2.3:h:engeniustech:ews356-fit:-
-
cpe:2.3:o:engeniustech:ews356-fit_firmware:*