PT-2024-22419 · Totolink · Totolink X2000R

Published: 2024-03-21 · Updated: 2024-08-01 · CVE-2024-28402

CVSS v3.1: 5.9 (Medium)
Vector: AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: TOTOLINK X2000R versions prior to V1.0.0-B20231213.1013

Description: The issue is a stored cross-site scripting (XSS) vulnerability located in the IP/Port Filtering section of the Firewall page. In a stored XSS attack, attacker-supplied script is saved on the server as part of a web page's content and executed in the browser of every user who later views that page, which can allow the attacker to steal user data or hijack user sessions.

Recommendations: For versions prior to V1.0.0-B20231213.1013, update to V1.0.0-B20231213.1013 or later to resolve the issue. As a temporary workaround, consider restricting access to the IP/Port Filtering section of the Firewall page to minimize the risk of exploitation.
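The vulnerable input is a filtering rule that the router stores and later renders back to whoever opens the Firewall page. As an added illustration (this is not TOTOLINK's code, and the form field names are assumed rather than taken from the firmware), the following shows how such a rule form can be hardened on both sides: strict allow-list validation of every field before it is stored, and HTML escaping of every field when stored rules are rendered.

```python
import html
import ipaddress
import re

# Constructed sample rules, shaped like a submission from a hypothetical
# IP/Port filtering form (field names are assumptions, not the router's).
# SAMPLE_RULE carries a script tag in its free-text field, the kind of
# payload a stored XSS persists; CLEAN_RULE is well formed throughout.
SAMPLE_RULE = {
    "src_ip": "192.168.0.10",
    "dst_ip": "0.0.0.0/0",
    "port_range": "80-443",
    "protocol": "TCP",
    "comment": "<script>alert(1)</script>",
}
CLEAN_RULE = {**SAMPLE_RULE, "comment": "block web from guest"}

_PORT_RANGE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")
_COMMENT = re.compile(r"^[A-Za-z0-9 _.\-]{0,32}$")  # allow-list: no markup chars

def validate_filter_rule(rule: dict) -> list:
    """Return the names of fields that fail strict validation (empty list = ok)."""
    bad = []
    for key in ("src_ip", "dst_ip"):
        try:  # accepts a single address or a CIDR block, nothing else
            ipaddress.ip_network(rule.get(key, ""), strict=False)
        except ValueError:
            bad.append(key)
    m = _PORT_RANGE.match(rule.get("port_range", ""))
    if not m:
        bad.append("port_range")
    else:
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)
        if not 1 <= lo <= hi <= 65535:
            bad.append("port_range")
    if rule.get("protocol") not in ("TCP", "UDP", "BOTH"):
        bad.append("protocol")
    if not _COMMENT.match(rule.get("comment", "")):
        bad.append("comment")
    return bad

def render_rule_row(rule: dict) -> str:
    """Render one stored rule as an HTML table row, escaping every cell."""
    cells = (rule["src_ip"], rule["dst_ip"], rule["port_range"],
             rule["protocol"], rule["comment"])
    return "<tr>" + "".join(
        f"<td>{html.escape(c, quote=True)}</td>" for c in cells) + "</tr>"
```

Rejecting the rule at submission time keeps the payload out of storage; escaping at render time protects rules that were stored before the validation existed.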

Related Identifiers: CVE-2024-28402

Affected Products: Totolink X2000R