exploitDog

CVE-2024-40112

Опубликовано: 02 июн. 2025

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information.

Ссылки

http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads
Broken Link
https://github.com/Emm448/vulnerability-research/tree/main/CVE-2024-40112
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:sitecom:wlx-2006_firmware:*:*:*:*:*:*:*:*

Версия до 1.5 (включая)

cpe:2.3:h:sitecom:wlx-2006:-:*:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00027

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-98

Связанные уязвимости

GHSA-j3qf-mq3f-rgcf

CVSS3: 5.9

github

8 месяцев назад

A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information.

EPSS

Процентиль: 7%

0.00027

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-98