PT-2024-25992 · Unknown · Wrc-X3000Gs2-B+1

Kentaro Ishii · Published 2024-08-29 · Updated 2024-09-03 · CVE-2024-34577

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WRC-X3000GS2-B
WRC-X3000GS2-W
WRC-X3000GS2A-B

Description

A cross-site scripting vulnerability exists due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed in the user's web browser.

Recommendations

For WRC-X3000GS2-B, consider disabling access to easysetup.cgi until a patch is available. For WRC-X3000GS2-W, restrict the use of easysetup.cgi to minimize the risk of exploitation. For WRC-X3000GS2A-B, avoid using the easysetup.cgi endpoint until the issue is resolved. As a temporary workaround, consider implementing input validation for the easysetup.cgi endpoint to prevent malicious input values.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-34577

Affected Products

Wrc-X3000Gs2-B
Wrc-X3000Gs2A-B