PT-2024-36081 · Seh Computertechnik · Utnserver Promax+2
T. Weber
+1
·
Published
2024-06-04
·
Updated
2025-10-08
·
CVE-2024-5420
CVSS v4.0
8.3
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
SEH Computertechnik utnserver Pro versions prior to 20.1.23
SEH Computertechnik utnserver ProMAX versions prior to 20.1.23
SEH Computertechnik INU-100 versions prior to 20.1.23
Description:
The issue is related to missing input validation in the web-interface of the affected devices, allowing stored Cross-Site Scripting (XSS). This can be exploited by attackers to inject malicious scripts into the web-interface.
Recommendations:
For SEH Computertechnik utnserver Pro versions prior to 20.1.23, update to version 20.1.23 to stay secure.
For SEH Computertechnik utnserver ProMAX versions prior to 20.1.23, update to version 20.1.23 to stay secure.
For SEH Computertechnik INU-100 versions prior to 20.1.23, update to version 20.1.23 to stay secure.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Inu-100
Utnserver Pro
Utnserver Promax