Cross-Site Scripting Vulnerability in BDCOM P3310D by BDCOM
CVE-2026-6996

4.8MEDIUM

Key Information:

Vendor: Bdcom
Status: P3310d
Vendor: CVE Published:; 25 April 2026

What is CVE-2026-6996?

A vulnerability has been found in BDCOM P3310D 0.4.2 10.1.0F Build 86345, specifically within the rmon event Tab functionality. This weakness allows for cross-site scripting attacks that can be executed remotely by manipulating the Description argument. Publicly available exploits could facilitate these attacks, highlighting a significant security flaw that needs immediate attention. Despite attempts to notify the vendor about this issue, BDCOM has not responded.

Affected Version(s)

P3310D 0.4.2 10.1.0F Build 86345

References

https://vuldb.com/vuln/359555

vdb-entrytechnical-description

https://vuldb.com/vuln/359555/cti

signaturepermissions-required

https://vuldb.com/submit/797247

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2026
Vulnerability Reserved
Apr 24, 2026

Credit

Fergod (VulDB User)

VulDB CNA Team

CVE-2026-6996 Data

JSON

Bdcom

What is CVE-2026-6996?

Affected Version(s)

References

CVSS V4

Timeline

Credit