CVE-2024-3141

Summary

A vulnerability has been found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This vulnerability affects unknown code of the file /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings of the component Misc Settings Page. The manipulation of the argument WatchdogTimerTime/BufFloodRebootTime/MaxPipeUsers/AVCache Lifetime/HTTPipeliningMaxReq/Reassembly MaxConnections/Reassembly MaxProcessingMem/ScrSaveTime leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258916.

Affected Software

VendorProductVersion RangeStatus
ClavisterE1014.00.0affected
ClavisterE1014.00.1affected
ClavisterE1014.00.2affected
ClavisterE1014.00.3affected
ClavisterE1014.00.4affected
ClavisterE1014.00.5affected
ClavisterE1014.00.6affected
ClavisterE1014.00.7affected
ClavisterE1014.00.8affected
ClavisterE1014.00.9affected
ClavisterE1014.00.10affected
ClavisterE8014.00.0affected
ClavisterE8014.00.1affected
ClavisterE8014.00.2affected
ClavisterE8014.00.3affected
ClavisterE8014.00.4affected
ClavisterE8014.00.5affected
ClavisterE8014.00.6affected
ClavisterE8014.00.7affected
ClavisterE8014.00.8affected
ClavisterE8014.00.9affected
ClavisterE8014.00.10affected

Weaknesses

  • CWE-79: CWE-79 Cross Site Scripting

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References