Medium severity4.8NVD Advisory· Published Oct 30, 2024· Updated Jun 17, 2026
CVE-2024-31975
CVE-2024-31975
Description
EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <=1.1.30
Patches
Vulnerability mechanics
References
1- github.com/actuator/cve/blob/main/Engenius/CVE-2024-31975nvdThird Party Advisory
News mentions
0No linked articles in our index yet.