CVE-2024-0554 Information

Description

A Cross-site scripting (XSS) vulnerability has been found on WIC1200 affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via ‘/setup/diags_ir_learn.asp’ allowing the attacker to retrieve the session details of another user.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200