Cross Site Scripting Vulnerability in DLink DWR 2000M 5G CPE
CVE-2024-28730

5.4MEDIUM

Key Information:

Vendor: D-Link
Status: Dwr-2000m Firmware
Vendor: CVE Published:; 12 November 2024

Summary

A Cross Site Scripting vulnerability exists in DLink DWR 2000M 5G CPE devices, specifically through the VPN configuration module's file upload feature. This flaw permits local attackers to exploit the system, potentially allowing them to access sensitive information. Proper input sanitization and validation measures should be prioritized to mitigate such risks.

References

https://github.com/Mrnmap/mrnmap-cve

https://github.com/Mrnmap/mrnmap-cve/blob/main/CVE-2024-2...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 12, 2024