Vulnerabilities

CVE-2024-0554

by Fred · 16/01/2024

A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via ‘/setup/diags_ir_learn.asp’, allowing the attacker to retrieve the session details of another user.

More information : https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : LOW
User interaction : REQUIRED
Confidentiality impact : LOW
Integrity impact : LOW
Base score : 5.4
Base severity : MEDIUM
Exploitability score : 2.3
Impact score : 2.7

Similar

Tags: Cybersecurity Alert