PT-2024-22258 · Technicolor · Tc8715D

Edward Warren · Published 2024-03-28 · Updated 2024-03-28 · CVE-2024-28090

CVSS v3.1: 5.4 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions: Technicolor TC8715D version TC8715D-01.EF.04.38.00-180405-S-FF9-D

Description: The issue allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via the User name in the "dyn dns.asp" page. This enables the attacker to potentially inject malicious scripts into the device.

Recommendations: For version TC8715D-01.EF.04.38.00-180405-S-FF9-D, as a temporary workaround, consider restricting access to the "dyn dns.asp" page until a patch is available. Avoid using the User name field in this page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-28090

Affected Products

Tc8715D