CVE-2024-31971

MEDIUM EPSS 29.0%

Published Jul 24, 20241y ago · Modified Jun 17, 20261w ago

4.8 CVSS 3.1

Medium

Published Jul 24, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html.

CVSS Details

Base Score

4.8

Exploitability

1.7

Impact

2.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction Required

Scope Changed

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

29.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 2

Vendor	Product	Version	Range
adtran	netvanta_3120_firmware	18.01.01.00.e	any
adtran	netvanta_3120	*	any

References 3

github.com https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-31971

Third Party Advisory
github.com https://github.com/actuator/cve/blob/main/AdTran/NetVanta-3120-XSS

Broken Link
supportcommunity.adtran.com https://supportcommunity.adtran.com/t5/NetVanta-Product-Notices/2019-Q2-NetVanta-3120-3130-EOL/ta-p/35715

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.