First published: Wed Jul 24 2024(Updated: )
**UNSUPPORTED WHEN ASSIGNED** Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Adtran NetVanta 3120 Firmware | =18.01.01.00.e | |
ADTRAN NetVanta |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-31971 is classified as a high severity vulnerability due to its potential for remote code execution via stored cross-site scripting.
To mitigate CVE-2024-31971, users should upgrade to the latest firmware version provided by AdTran that addresses these XSS vulnerabilities.
CVE-2024-31971 specifically affects AdTran NetVanta 3120 devices running firmware version 18.01.01.00.E.
CVE-2024-31971 allows remote attackers to execute arbitrary JavaScript in the context of the user’s session through stored XSS vulnerabilities.
Currently, the primary recommendation for CVE-2024-31971 is to apply the firmware update as a comprehensive workaround.