CVE-2024-3141 - Vulnerability Details

A vulnerability has been found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This vulnerability affects unknown code of the file /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings of the component Misc Settings Page. The manipulation of the argument WatchdogTimerTime/BufFloodRebootTime/MaxPipeUsers/AVCache Lifetime/HTTPipeliningMaxReq/Reassembly MaxConnections/Reassembly MaxProcessingMem/ScrSaveTime leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258916.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Clavister	E80
Clivester	E10

No data.

References

Link	Providers
https://docs.clavister.com/repo/cos-core-release-notes/doc/index.html#d0e2260
https://github.com/strik3r0x1/Vulns/blob/main/Clavister_E80-RXSS.md
https://my.clavister.com/downloads/?sid=1
https://vuldb.com/?ctiid.258916
https://vuldb.com/?id.258916
https://vuldb.com/?submit.303451

History

Wed, 12 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Clavister Clavister e80 Clivester Clivester e10
CPEs		cpe:2.3:a:clavister:e80:::::::: cpe:2.3:a:clivester:e10::::::::
Vendors & Products		Clavister Clavister e80 Clivester Clivester e10
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-04-01T23:00:06.054Z

Updated: 2025-03-12T16:41:36.487Z

Reserved: 2024-04-01T17:49:33.202Z

Link: CVE-2024-3141

Vulnrichment

Updated: 2024-08-01T19:32:42.904Z

NVD

Status : Awaiting Analysis

Published: 2024-04-01T23:15:10.113

Modified: 2024-11-21T09:28:59.207

Link: CVE-2024-3141

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object