PT-2024-24054 · Clavister · Clavister E80 (+1 more)

Strik3R · Published 2024-04-01 · Updated 2024-05-17 · CVE-2024-3141

CVSS v2.0: 3.3 (Low)

Vector: AV:N/AC:L/Au:M/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Clavister E10 and E80 versions up to 14.00.10

Description: A vulnerability has been found in the Misc Settings Page component, affecting the file /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings. The manipulation of the arguments WatchdogTimerTime, BufFloodRebootTime, MaxPipeUsers, AVCache Lifetime, HTTPipeliningMaxReq, Reassembly MaxConnections, Reassembly MaxProcessingMem, and ScrSaveTime leads to cross-site scripting. The attack can be initiated remotely.

Recommendations: For Clavister E10 and E80 versions up to 14.00.10, upgrade to version 14.00.11 to address this issue. As a temporary workaround, consider restricting access to the Misc Settings Page component until the upgrade is applied. Avoid using the vulnerable arguments in the affected file until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-3141

Affected Products

Clavister E10
Clavister E80