CVE-2024-31971

Name of the Vulnerable Software and Affected Versions AdTran NetVanta 3120 version 18.01.01.00.E

Description The issue allows remote attackers to inject arbitrary JavaScript code, exploiting multiple stored cross-site scripting (XSS) vulnerabilities. This is demonstrated by various API endpoints, including "/mainPassword.html", "/processIdentity.html", "/public.html", "/dhcp.html", "/private.html", "/hostname.html", "/connectivity.html", "/NetworkMonitor.html", "/trafficMonitoringConfig.html", and "/wizardMain.html".

Recommendations For AdTran NetVanta 3120 version 18.01.01.00.E, as a temporary workaround, consider restricting access to the affected API endpoints until a patch is available. Avoid using these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.