Skip to main content

Rely Pcie Firmware CVE-2024-44573

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2024-09-11 cve@mitre.org
4.7
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
4.7 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 11, 2024 - 17:15 cve.org
MEDIUM 4.7

DescriptionCVE.org

A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

AnalysisAI

A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Affected products include: Relyum Rely-Pcie Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-47577 CRITICAL
9.8 Dec 13

An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no ch

CVE-2024-44577 HIGH
8.8 Sep 11

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function. Rat

CVE-2024-44574 HIGH
8.8 Sep 11

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function. Rate

CVE-2024-44572 HIGH
8.8 Sep 11

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function. Rate

CVE-2024-44570 HIGH
8.8 Sep 11

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpi

CVE-2024-44571 HIGH
8.8 Sep 11

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php.

CVE-2023-47578 HIGH
8.8 Dec 13

Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to

CVE-2023-47576 HIGH
8.8 Dec 13

An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection

CVE-2023-47573 HIGH
8.8 Dec 13

An issue discovered in Relyum RELY-PCIe 22.2.1 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely e

CVE-2023-47579 HIGH
7.5 Dec 13

Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central passwor

CVE-2023-47575 MEDIUM
6.1 Dec 13

An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. Rated medium severity (CVSS 6.1), this v

CVE-2023-47574 MEDIUM
5.9 Dec 13

An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. Rated medium severity (CVSS 5.9), this v

Share

CVE-2024-44573 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy