CVE-2024-31972

Published: Oct 30, 2024

Modified: Oct 31, 2024

PUBLISHED

Description

EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution (under the context of the user's session) via the Wi-Fi SSID input fields. Web scripts embedded into the vulnerable fields this way are executed immediately when a user logs into the admin page. This affects /admin/wifi/wlan1 and /admin/wifi/wlan_guest.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/actuator/cve/blob/main/Engenius/CVE-2024-31972

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-31972

Description

Affected Products

References