PT-2023-19622 · Unknown+4 · Bs-Gs2016P+5
Published
2023-04-11
·
Updated
2023-04-18
·
CVE-2023-24464
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
BS-GS2008 firmware versions 1.0.10.01 and earlier
BS-GS2016 firmware versions 1.0.10.01 and earlier
BS-GS2024 firmware versions 1.0.10.01 and earlier
BS-GS2048 firmware versions 1.0.10.01 and earlier
BS-GS2008P firmware versions 1.0.10.01 and earlier
BS-GS2016P firmware versions 1.0.10.01 and earlier
BS-GS2024P firmware versions 1.0.10.01 and earlier
Description
A stored-cross-site scripting issue allows an attacker with access to the web management console to execute arbitrary JavaScript on a legitimate user's web browser.
Recommendations
For BS-GS2008 firmware versions 1.0.10.01 and earlier, update to a version later than 1.0.10.01.
For BS-GS2016 firmware versions 1.0.10.01 and earlier, update to a version later than 1.0.10.01.
For BS-GS2024 firmware versions 1.0.10.01 and earlier, update to a version later than 1.0.10.01.
For BS-GS2048 firmware versions 1.0.10.01 and earlier, update to a version later than 1.0.10.01.
For BS-GS2008P firmware versions 1.0.10.01 and earlier, update to a version later than 1.0.10.01.
For BS-GS2016P firmware versions 1.0.10.01 and earlier, update to a version later than 1.0.10.01.
For BS-GS2024P firmware versions 1.0.10.01 and earlier, update to a version later than 1.0.10.01.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bs-Gs2008P
Bs-Gs2016
Bs-Gs2016P
Bs-Gs2024
Bs-Gs2024P
Bs-Gs2048