CVE-2023-39678

Name of the Vulnerable Software and Affected Versions BDCOM OLT P3310D-2AC version 10.1.0F Build 69083

Description A cross-site scripting (XSS) vulnerability in the device web interface, specifically the Log Query page, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter. This vulnerability enables attackers to potentially steal user sessions, hijack user accounts, or perform other malicious actions.

Recommendations For BDCOM OLT P3310D-2AC version 10.1.0F Build 69083, as a temporary workaround, consider restricting access to the Log Query page until a patch is available. Additionally, avoid using the username parameter in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.