CVE-2024-9477

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).This issue affects Air4443 Firmware: through 14102024. NOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support.
References
Link Resource
https://www.usom.gov.tr/bildirim/tr-24-1851 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:airties:air4443_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:airties:air4443:-:*:*:*:*:*:*:*

History

15 Nov 2024, 22:54

Type Values Removed Values Added
References () https://www.usom.gov.tr/bildirim/tr-24-1851 - () https://www.usom.gov.tr/bildirim/tr-24-1851 - Third Party Advisory
CPE cpe:2.3:o:airties:air4443_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:airties:air4443:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
Summary
  • (es) Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o "Cross-site Scripting") en AirTies Air4443 Firmware que permite Cross-Site Scripting (XSS). Este problema afecta al firmware Air4443: hasta 14102024. NOTA: Se contactó al proveedor y se supo que el producto estaba clasificado como al final de su vida útil y al final de su soporte.
First Time Airties
Airties air4443 Firmware
Airties air4443

13 Nov 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-13 15:15

Updated : 2024-11-15 22:54


NVD link : CVE-2024-9477

Mitre link : CVE-2024-9477

CVE.ORG link : CVE-2024-9477


JSON object : View

Products Affected

airties

  • air4443
  • air4443_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')