Stored XSS Vulnerability in EnGenius ESR580 Series
CVE-2024-31972
Currently unrated
What is CVE-2024-31972?
The vulnerability allows a remote attacker to exploit stored XSS weaknesses in EnGenius ESR580 A8J-EMR5000 devices. By injecting malicious scripts into the Wi-Fi SSID input fields, an attacker can execute arbitrary JavaScript under the user's session context. This occurs when an administrator logs into the affected admin pages, specifically /admin/wifi/wlan1 and /admin/wifi/wlan_guest. The immediate execution of embedded scripts poses a serious security risk to device administrators.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.