Cross-Site Scripting Vulnerability in Genexis Tilgin Home Gateway
CVE-2024-8022

Currently unrated

Key Information:

Vendor: Genexis
Vendor: CVE Published:; 21 August 2024

What is CVE-2024-8022?

A vulnerability exists within the Genexis Tilgin Home Gateway, specifically related to the handling of the /vood/cgi-bin/vood_view.cgi?lang=EN&act=user/spec_conf file. This issue allows for the manipulation of the Phone Number argument, leading to a cross-site scripting (XSS) vulnerability. The flaw can be exploited remotely, exposing users to potential attacks by leveraging crafted input in the affected function. Despite early disclosure attempts to the vendor, no response has been received, highlighting a gap in the product's security oversight.

References

https://vuldb.com/?id.275291

https://vuldb.com/?ctiid.275291

https://vuldb.com/?submit.389913

Timeline

Vulnerability published
Aug 21, 2024