CVE-2024-53943

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 3, 2025

Updated: Feb 5, 2025

CWE ID 79

Summary

CVE-2024-53943 is a newly disclosed vulnerability affecting NRadio N8-180 NROS-1.9.2.n3.c5 devices. The issue lies in the /cgi-bin/luci/nradio/basic/radio endpoint, which is susceptible to Cross-Site Scripting (XSS) attacks. Maliciously crafted 2.4 GHz and 5 GHz name parameters can be used to inject JavaScript code into the SSID field. If an administrator logs into the device, the injected script will be executed in their browser, potentially executing the attacker's malicious payload. This vulnerability can lead to unintended actions or information disclosure within the user's browser session.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/04wgwK
https://www.cve.org/CVERecord?id=CVE-2024-53943
https://nvd.nist.gov/vuln/detail/CVE-2024-53943

Back to Vulnerability Database

CVE-2024-53943

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations