Rewterz Threat Update – Vietnam’s Financial Sector Targeted by New APT Group ‘Lotus Bane’
March 7, 2024
Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities
March 7, 2024
Severity
Medium
Analysis Summary
CVE-2024-27684
D-Link GO-RT-AC750 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama.cgi scripts. A remote attacker could exploit this vulnerability using the url parameter to execute a script in a victim’s web browser within the security context of the hosting website. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
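For triage, the following added example (not part of the original advisory and not vendor code) scans web access logs for requests to the five listed scripts whose url parameter decodes to HTML markup. It assumes the parameter appears in the query string of a combined-format log line; the function names, the markup heuristic, and the sample paths and addresses are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Scripts named in the advisory, matched by basename (directory not stated on the page).
SCRIPTS = {"dlapn.cgi", "dldongle.cgi", "dlcfg.cgi", "fwup.cgi", "seama.cgi"}
# Heuristic (assumption): markup a plain URL value should not carry.
MARKUP = re.compile(r"""[<>"']|javascript:""", re.I)
# Request line of a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines):
    """Return (script, decoded url value) for each request worth triaging."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        script = target.path.rsplit("/", 1)[-1].lower()
        if script not in SCRIPTS:
            continue
        # parse_qs decodes once; fully_decode handles any further layers.
        for raw in parse_qs(target.query, keep_blank_values=True).get("url", []):
            value = fully_decode(raw)
            if MARKUP.search(value):
                hits.append((script, value))
    return hits


# Constructed sample log lines (not taken from a real device or incident).
SAMPLE = [
    '192.0.2.10 - - [07/Mar/2024:10:00:01 +0000] "GET /dlcfg.cgi?url=status.htm HTTP/1.1" 200 512',
    '192.0.2.11 - - [07/Mar/2024:10:00:02 +0000] "GET /fwup.cgi?url=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 498',
    '192.0.2.12 - - [07/Mar/2024:10:00:03 +0000] "GET /seama.cgi?url=%253Csvg%253E HTTP/1.1" 200 470',
    '192.0.2.13 - - [07/Mar/2024:10:00:04 +0000] "GET /index.cgi?url=%3Cb%3E HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    print(suspicious_requests(SAMPLE))
```

Values sent in a POST body are not recorded in access logs, so a clean result here does not rule out attempts made that way.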
Impact
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2024-27684
Affected Vendors
D-Link
Affected Products
- D-Link GO-RT-AC750 A1_FW_v101b03
Remediation
Refer to the D-Link website for patch, upgrade or suggested workaround information.