CVE-2024-36140

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 12, 2024
Updated: Nov 15, 2024
CWE ID 79

Summary

CVE-2024-36140 is a newly identified vulnerability affecting OZW672 and OZW772 devices, with versions below V5.2 being vulnerable. The user accounts tab on these devices harbors a stored cross-site scripting (XSS) weakness. An authenticated attacker can exploit this flaw by injecting malicious JavaScript code into the affected device. Subsequently, another authenticated user, potentially with higher privileges, could unknowingly execute this code. This vulnerability poses a significant risk for data theft and privilege escalation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share