PT-2024-2367 · Totolink · Totolink X2000R

Published: 2024-03-15 · Updated: 2025-04-08 · CVE-2024-28404

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

TOTOLINK X2000R versions prior to V1.0.0-B20231213.1013

Description

The MAC address filtering component of the TOTOLINK X2000R router's firmware does not protect the structure of the web page it generates. This allows a remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is specifically located in the MAC Filtering section under the Firewall Page.

Recommendations

Update to version V1.0.0-B20231213.1013 or later to resolve the issue. As a temporary workaround, consider restricting access to the MAC Filtering section under the Firewall Page until a patch is applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-02318
CVE-2024-28404

Affected Products

Totolink X2000R