Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module.
References
| Link | Resource |
|---|---|
| https://github.com/Mrnmap/mrnmap-cve | Third Party Advisory |
| https://github.com/Mrnmap/mrnmap-cve/blob/main/CVE-2024-28730-ReflectedXSS | Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
22 Nov 2024, 15:07
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:dlink:dwr-2000m_firmware:1.34me:*:*:*:*:*:*:* cpe:2.3:h:dlink:dwr-2000m:-:*:*:*:*:*:*:* |
|
| References | () https://github.com/Mrnmap/mrnmap-cve - Third Party Advisory | |
| References | () https://github.com/Mrnmap/mrnmap-cve/blob/main/CVE-2024-28730-ReflectedXSS - Third Party Advisory | |
| First Time |
Dlink
Dlink dwr-2000m Firmware Dlink dwr-2000m |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
21 Nov 2024, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.6 |
| CWE | CWE-79 |
13 Nov 2024, 17:01
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
12 Nov 2024, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-11-12 23:15
Updated : 2024-11-22 15:07
NVD link : CVE-2024-28730
Mitre link : CVE-2024-28730
CVE.ORG link : CVE-2024-28730
JSON object : View
Products Affected
dlink
- dwr-2000m
- dwr-2000m_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')