Stored XSS Vulnerability in Technicolor TC8715D and TC8717T Devices
CVE-2024-28090

Currently unrated

Key Information:

Vendor
CVE Published:
28 March 2024

What is CVE-2024-28090?

A vulnerability exists in certain Technicolor devices, namely the TC8715D and TC8717T models, where a remote attacker within Wi-Fi proximity can exploit stored XSS attacks. By manipulating the 'User name' field in the dyn_dns.asp page, the attacker can execute malicious scripts that could compromise user data and the integrity of the device. This vulnerability allows for unauthorized actions and potentially impacts users connecting to the affected devices.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.