CVE-2023-39678
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2023-39678 is a newly discovered cross-site scripting (XSS) vulnerability affecting the Log Query page of BDCOM OLT P3310D-2AC device web interface running on version 10.1.0F Build 69083. This issue permits attackers to inject malicious web scripts or HTML code into the username parameter, potentially leading to unauthorized access or data theft when a user visits a specially crafted link. Successful exploitation could enable attackers to steal sensitive information, install malware, or perform other unintended actions on the affected system. Users are strongly encouraged to upgrade to the latest software version or implement appropriate security measures to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Shanghai Bdcom