Hi3120 Firmware
Monthly
Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript. [CVSS 4.8 MEDIUM]
Sensitive information disclosure in Hitron HI3120 firmware 7.2.4.5.2b1 exposes credentials or session data to a local low-privileged attacker through the device's web management interface Logout function in index.html. The root cause, indicated by the 'Insufficient Session Expiration' tag, is that the logout action fails to fully invalidate or clear sensitive session artifacts, leaving them recoverable post-logout. No active exploitation is confirmed (EPSS 0.11%, 1st percentile), and the attack surface is constrained to local access with low privileges, significantly limiting real-world impact despite the High confidentiality rating.
Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript. [CVSS 4.8 MEDIUM]
Sensitive information disclosure in Hitron HI3120 firmware 7.2.4.5.2b1 exposes credentials or session data to a local low-privileged attacker through the device's web management interface Logout function in index.html. The root cause, indicated by the 'Insufficient Session Expiration' tag, is that the logout action fails to fully invalidate or clear sensitive session artifacts, leaving them recoverable post-logout. No active exploitation is confirmed (EPSS 0.11%, 1st percentile), and the attack surface is constrained to local access with low privileges, significantly limiting real-world impact despite the High confidentiality rating.