CVE-2024-31973

Name of the Vulnerable Software and Affected Versions Hitron CODA-4582 2AHKM-CODA4589 version 7.2.4.5.1b8

Description The issue allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via the Network Name (SSID) input fields to the "/index.html#wireless basic" API endpoint.

Recommendations For Hitron CODA-4582 2AHKM-CODA4589 version 7.2.4.5.1b8, consider disabling the wireless settings page or restricting access to the "/index.html#wireless basic" endpoint until a patch is available. Avoid using the Network Name (SSID) input fields in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.