Sign-up

ID

VAR-202403-3014


CVE

CVE-2024-28090


TITLE

Technicolor TC8715D Cross-Site Scripting Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-16939

DESCRIPTION

Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp. Technicolor TC8715D is a wireless router from the French company Technicolor. Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T has a cross-site scripting vulnerability, which can be exploited by attackers to obtain sensitive information such as user cookies

Trust: 1.44

sources: NVD: CVE-2024-28090 // CNVD: CNVD-2024-16939

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-16939

AFFECTED PRODUCTS

vendor:technicolormodel:tc8715d tc8715d-01.ef.04.38.00-180405-s-ff9-d rse-tc8717tscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2024-16939

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-28090
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2024-16939
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-16939
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-28090
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-16939 // NVD: CVE-2024-28090

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

sources: NVD: CVE-2024-28090

EXTERNAL IDS

db:NVDid:CVE-2024-28090

Trust: 1.6

db:CNVDid:CNVD-2024-16939

Trust: 0.6

sources: CNVD: CNVD-2024-16939 // NVD: CVE-2024-28090

REFERENCES

url:https://github.com/actuator/cve/blob/main/technicolor/cve-2024-28090

Trust: 1.0

url:https://cxsecurity.com/cveshow/cve-2024-28090/

Trust: 0.6

sources: CNVD: CNVD-2024-16939 // NVD: CVE-2024-28090

SOURCES

db:CNVDid:CNVD-2024-16939
db:NVDid:CVE-2024-28090

LAST UPDATE DATE

2026-04-16T05:29:27.170000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-16939date:2024-04-08T00:00:00
db:NVDid:CVE-2024-28090date:2026-04-15T00:35:42.020

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-16939date:2024-04-10T00:00:00
db:NVDid:CVE-2024-28090date:2024-03-28T20:15:07.833