PT-2024-3324 · Moxa · NPort 5100A Series

Nicolai Grødum · Published 2024-05-06 · Updated 2024-05-07 · CVE-2024-3576

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

NPort 5100A Series versions prior to 1.6

Description

The issue exists due to the failure to protect the web page structure, allowing a remote attacker to escalate privileges. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output, which may allow malicious users to obtain sensitive information and escalate privileges.

Recommendations

For versions prior to 1.6, upgrade to version 1.6 or later to protect sensitive data and prevent privilege escalation. As a temporary workaround, consider restricting access to the web server to minimize the risk of exploitation. Avoid using user-controllable input in the affected web server until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-03570
CVE-2024-3576

Affected Products

NPort 5100A Series