Stored XSS Vulnerability in Technicolor TC8715D and TC8717T Devices
CVE-2024-28090
Currently unrated
What is CVE-2024-28090?
A vulnerability exists in certain Technicolor devices, namely the TC8715D and TC8717T models, where a remote attacker within Wi-Fi proximity can exploit stored XSS attacks. By manipulating the 'User name' field in the dyn_dns.asp page, the attacker can execute malicious scripts that could compromise user data and the integrity of the device. This vulnerability allows for unauthorized actions and potentially impacts users connecting to the affected devices.