PT-2024-22259 · Technicolor · Tc8715D
Edward Warren · Published 2024-03-28 · Updated 2024-11-12
CVE-2024-28091
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Technicolor TC8715D version TC8715D-01.EF.04.38.00-180405-S-FF9-D
Description
The issue allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in managed services add.asp. The victim must click an X for a deletion for the issue to be exploited. There is no information about the estimated number of potentially affected devices worldwide or about real-world incidents in which this issue was exploited.
Recommendations
For version TC8715D-01.EF.04.38.00-180405-S-FF9-D, restrict local network access and await a patch. As a temporary workaround, consider restricting access to the managed services add.asp page to minimize the risk of exploitation. Avoid using the User Defined Service feature in managed services add.asp until the issue is resolved.
Affected Products
Tc8715D