CVE-2024-57237

Name of the Vulnerable Software and Affected Versions Prolink 4G LTE Mobile Wi-Fi DL-7203E version 4.0.0B05

Description The issue arises due to a Cross Site Scripting (XSS) vulnerability in the "/reqproc/proc get" endpoint. This occurs because the cmd parameter does not properly sanitize input, and the response is served with a Content-Type of text/html, allowing the browser to execute injected JavaScript code.

Recommendations For Prolink 4G LTE Mobile Wi-Fi DL-7203E version 4.0.0B05, as a temporary workaround, consider disabling access to the "/reqproc/proc get" endpoint until a patch is available. Additionally, restrict the use of the cmd parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.