PT-2024-22543 · D Link · Dlink Dwr 5G Cpe+1
Mrnmap
+2
·
Published
2024-11-12
·
Updated
2024-11-13
·
CVE-2024-28728
CVSS v3.1
6.6
Medium
| Vector | AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 version DWR-2000M 1.34ME
Dlink DWR 5G CPE version DWR-2000M 1.34ME
Description
The issue allows a local attacker to obtain sensitive information via a crafted payload to the
WiFi SSID Name field. This is a Cross Site Scripting vulnerability.Recommendations
For DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 version DWR-2000M 1.34ME, avoid using crafted payloads in the WiFi SSID Name field until a fix is available.
For Dlink DWR 5G CPE version DWR-2000M 1.34ME, restrict access to the WiFi SSID Name field to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dlink Dwr 2000M 5G Cpe With Wifi 6 Ax1800
Dlink Dwr 5G Cpe