CVE-2024-39363

Medium

A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000…

talos·CWE-80·Published 2025-01-14

CVSS

6.1

EPSS

0.48

KEV

Exploits

cve.orgen

309 chars

A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

NVDen

309 chars

NVDes

356 chars

Existe una vulnerabilidad de secuencias de comandos entre sitios (XSS) en la función set_lang_CountryCode() de login.cgi de Wavlink AC3000 M33A8.V5030.210505. Una solicitud HTTP manipulada especialmente puede provocar la divulgación de información confidencial. Un atacante puede realizar una solicitud HTTP no autenticada para activar esta vulnerabilidad.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.6	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
3.1	Primary	cve.org	9.6	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
3.1	Primary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L
3.1	Secondary	NVD	9.6	2.8	6.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H