Stored Cross-Site Scripting Vulnerability in Technicolor TC8715D Devices
CVE-2024-28091

Currently unrated

Key Information:

Vendor: Technicolor
Status: TC8715D
Vendor: CVE Published:; 28 March 2024

🔔 Create Technicolor Vulnerability Alert

What is CVE-2024-28091?

The Technicolor TC8715D and TC8717T devices have been identified to contain a vulnerability that permits attackers in proximity to the Wi-Fi network to execute stored Cross-Site Scripting (XSS) attacks. This vulnerability arises from the User Defined Service functionality within the managed_services_add.asp file, which can be exploited if a victim inadvertently clicks an 'X' for deletion, thus allowing the execution of malicious scripts within the browser. Users are urged to take appropriate measures to secure their devices and mitigate potential threats.

References

https://github.com/actuator/cve/blob/main/Technicolor/CVE...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2024
Vulnerability Reserved
Mar 4, 2024