Sign-up

ID

VAR-202403-3014


CVE

CVE-2024-28090


TITLE

Technicolor TC8715D Cross-Site Scripting Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-16939

DESCRIPTION

Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp. Technicolor TC8715D is a wireless router from the French company Technicolor. Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T has a cross-site scripting vulnerability, which can be exploited by attackers to obtain sensitive information such as user cookies

Trust: 1.44

sources: NVD: CVE-2024-28090 // CNVD: CNVD-2024-16939

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-16939

AFFECTED PRODUCTS

vendor:technicolormodel:tc8715d tc8715d-01.ef.04.38.00-180405-s-ff9-d rse-tc8717tscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2024-16939

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2024-16939
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-16939
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2024-16939

EXTERNAL IDS

db:NVDid:CVE-2024-28090

Trust: 1.6

db:CNVDid:CNVD-2024-16939

Trust: 0.6

sources: CNVD: CNVD-2024-16939 // NVD: CVE-2024-28090

REFERENCES

url:https://github.com/actuator/cve/blob/main/technicolor/cve-2024-28090

Trust: 1.0

url:https://cxsecurity.com/cveshow/cve-2024-28090/

Trust: 0.6

sources: CNVD: CNVD-2024-16939 // NVD: CVE-2024-28090

SOURCES

db:CNVDid:CNVD-2024-16939
db:NVDid:CVE-2024-28090

LAST UPDATE DATE

2024-08-14T13:19:19.442000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-16939date:2024-04-08T00:00:00
db:NVDid:CVE-2024-28090date:2024-03-28T20:53:20.813

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-16939date:2024-04-10T00:00:00
db:NVDid:CVE-2024-28090date:2024-03-28T20:15:07.833