CVE-2024-55544

Name of the Vulnerable Software and Affected Versions ORing IAP-420 versions 2.01e and below

Description The issue is caused by missing input validation in the web interface of ORing IAP-420, allowing stored Cross-Site Scripting (XSS). This enables attackers to store malicious scripts on the device, which can then be executed by other users, potentially leading to unauthorized access or data theft.

Recommendations For versions 2.01e and below, update to a version that includes input validation for the web interface to prevent stored Cross-Site Scripting (XSS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.