CVE-2024-5420
Published 2024-06-04
CVE-2024-5420: Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows…
Priority: P355 · Severity: high · CVSS 4.0 base score: 8.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Exploit
EPSS: 5.50% (91.8th percentile)
Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS). This issue affects utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and below.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| seh_computertechnik | inu-100 | <= 20.1.22 | — |
| seh_computertechnik | utnserver_pro | <= 20.1.22 | — |
| seh_computertechnik | utnserver_promax | <= 20.1.22 | — |
Detection & IOCs (extracted from sources)
Command: `action=set&sys_name=%E2%80%9C%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sys_descr=&sys_contact=`
- Detect exploitation attempts by matching POST bodies sent to the vulnerable endpoint that carry an XSS payload in the sys_name parameter.
- Use the Shodan query html:"utnserver Control Center" to identify exposed vulnerable devices on the internet.
- The vulnerability is in the device description parameter (sys_name) of the web interface; monitor POST requests to /device/description_en.html with action=set for script injection patterns.
- Exploitation requires authentication (PR:L); the attacker must be an authenticated user to POST to the device description endpoint.
- Affected versions are 20.1.22 and below; devices running later firmware versions may not be vulnerable.
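As an added illustration of the detection approach listed above (example code, not from this page, SEH, or the Nuclei project), the following Python flags POST bodies to the description endpoint whose sys_name carries tag, `javascript:` or event-handler markup once URL-decoded. The `METHOD PATH BODY` log format and the sample lines are constructed for the example; the first line reuses the request body quoted above.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Endpoint named in the detection notes above.
VULN_PATH = "/device/description_en.html"
# Markup that has no business in a device-name field: an opening/closing tag,
# a javascript: URL, or an on*= event handler.
INJECTION_RE = re.compile(r"<\s*/?\s*[a-z]+|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)

def flag_request(method, path, body):
    """Return a finding dict for a POST to the description endpoint with
    action=set and script-like markup in sys_name, else None."""
    if method != "POST" or path.split("?", 1)[0] != VULN_PATH:
        return None
    # parse_qs percent-decodes values, so %3Cscript%3E becomes <script>.
    params = parse_qs(body, keep_blank_values=True)
    if params.get("action", [""])[0] != "set":
        return None
    # Decode once more so a double-encoded value cannot hide the markup.
    name = unquote_plus(params.get("sys_name", [""])[0])
    m = INJECTION_RE.search(name)
    if not m:
        return None
    return {"param": "sys_name", "match": m.group(0), "value": name}

# Constructed sample log: "METHOD PATH BODY", with "-" for an empty body.
SAMPLE_LOG = """\
POST /device/description_en.html action=set&sys_name=%E2%80%9C%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sys_descr=&sys_contact=
POST /device/description_en.html action=set&sys_name=print-server-01&sys_descr=3rd+floor&sys_contact=
GET /device/description_en.html -
POST /device/description_en.html action=set&sys_name=lab%20%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E&sys_descr=&sys_contact=
"""

def scan_log(text):
    """Run flag_request over every line of the sample format; return findings
    tagged with their 1-based line number."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split(" ", 2)
        if len(parts) < 3:
            continue
        method, path, body = parts
        finding = flag_request(method, path, "" if body == "-" else body)
        if finding:
            finding["line"] = lineno
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['param']} contains {f['match']!r} -> {f['value']!r}")
```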
No detection rules found.
Nuclei
SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting (nuclei · CVSS 8.3 · CVE-2024-5420 [HIGH])
A vulnerability was found in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, affecting the device description parameter in the web interface. This flaw allows stored cross-site scripting (XSS), enabling attackers to inject JavaScript code. The attack can be executed remotely by tricking victims into visiting a malicious website, potentially leading to session hijacking. This vulnerability is publicly disclosed and identified as CVE-2024-5420.
Template:

```yaml
id: CVE-2024-5420
info:
  name: SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting
  author: bl4ckp4r4d1s3
  severity: high
  description: |
    A vulnerability was found in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier,
```
Published: 2024-06-04