CVE-2024-28092 Information

Description

UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via RgFirewallEL.asp RgDdns.asp RgTime.asp RgDiagnostics.asp or RgParentalBasic.asp. The affected fields are SMTP Server Name SMTP Username Host Name Time Server 1 Time Server 2 Time Server 3 Target Add Keyword Add Domain and Add Allowed Domain.

Reference

https://github.com/actuator/cve/blob/main/Ubee/CVE-2024-28092