CVE-2024-28089

Name of the Vulnerable Software and Affected Versions Hitron CODA-4582 2AHKM-CODA4589 version 7.2.4.5.1b8

Description The issue allows a remote attacker within Wi-Fi proximity, who has access to the router admin panel, to conduct a DOM-based stored XSS attack. This attack can fetch remote resources and the payload is executed at the index.html#advanced location page, also known as the Device Location page. The attack can cause a denial of service or lead to information disclosure.

Recommendations For Hitron CODA-4582 2AHKM-CODA4589 version 7.2.4.5.1b8, as a temporary workaround, consider restricting access to the admin panel and the index.html#advanced location page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.