• caglararli@hotmail.com
  • 05386281520

CVE-2024-3141 | Clavister E10/E80 up to 20240323 Misc Settings Page MiscSettings cross site scripting

Çağlar Arlı      -    30 Views

CVE-2024-3141 | Clavister E10/E80 up to 20240323 Misc Settings Page MiscSettings cross site scripting

A vulnerability has been found in Clavister E10 and E80 up to 20240323 and classified as problematic. This vulnerability affects unknown code of the file /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings of the component Misc Settings Page. The manipulation of the argument WatchdogTimerTime/BufFloodRebootTime/MaxPipeUsers/AVCache Lifetime/HTTPipeliningMaxReq/Reassembly MaxConnections/Reassembly MaxProcessingMem/ScrSaveTime leads to cross site scripting. This vulnerability was named CVE-2024-3141. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.